Hello @paul driver 

My question is about switch which is L2, but has IP interfaces just like PC for example. Switch needs IP not only for management, but also for SNMP, Tacacs, NTP, etc. All my questions implies that switch can't do routing. So, my questions are: If switch doesn't have default gateway configured, how is it going to reach networks (remote networks) which are not part of its interface?

It wont be able to, it will need a default-gateway for a next-hop for any remote MGT connectivity, without it, then it will be reliant on a routed device connected to the same subnet to proxy arp for it and chances are it still wont work

In order for Proxy ARP router to reply it needs get ARP request from the switch. So, my question out of which interface switch is going to send request?

Hello
Any active port associated with the L3 svi of the switch or any routed port (if supported)

Hello @Joseph W. Doherty  Thank you for the reply.

I did some tests with Virtual Router. I disabled IP routing to make this router just a normal host without routing capability. I configured one of the Router's interface with IP address 192.168.1.1 /24. I didn't configure Default Gateway. I enabled packet capture on interface which has IP address. Then I started to ping 8.8.8.8 and I see that Router is sending ARP requests out of that Interface (with IP address configured). I tried to ping many different IP addresses which are not part of interface network 192.168.1.0/24 and all the time Router sends ARP for those destination out of that interface.

Then I did another test. I configured second Interface on Router with IP: 172.16.1.1/24. So, I had 2 interfaces configured with IP addresses. I did the same ping, and every time when I did pings to remote networks, Router was sending ARP only out of one particular interface. So, it doesn't send ARP requests (for the same destination) in parallel out of all active interfaces, also it doesn't try to send ARP our of another interface, if there is no ARP reply for the first interface. It looks like, if there are multiple interfaces, Cisco IOS choose one interface to send ARP out of it, if no default gateway is configured, and packets needs to be send to non-connected network. Then I disabled that interface and ping again, this time Router started to send ARP requests out of another interface. After I enabled first interface back, Router started to ARP from it. So, it looks like there is some logic, router picks some interface and uses it to ARP non-connected networks, but if it's down it will ARP anyway, but from another active interface. It's very interesting, which logic CIsco IOS uses to pick interface for ARP non-connected networks (considering that default gateway is not configured).

It seems you pretty much confirmed what I wrote (both what I expected, and what might happen).

Again, not an issue I've had to deal with.

It's possible RFCs don't address multi-homed hosts without gateways correct/expected behavior, or if they do, they might have "may" rather than "shall", or a vendor's particular implementation may be buggy or it doesn't (intentionally) conform to RFCs.

Whatever the actual case, whatever you discover, I would be careful considering it will always be done that way on other devices.  (This because, not something many will use or rely upon for real-world operations.)

@Joseph W. Doherty  thanks for the reply. Basically, I just wanted to check if experts from this forum aware of that behavior of Cisco IOS and maybe can clarify it. But it seems this behavior is not documented, so we can just guess.

"Whatever the actual case, whatever you discover, I would be careful considering it will always be done that way on other devices." - Totally agree with you.

"This because, not something many will use or rely upon for real-world operations" - Can you please explain what do you mean?

"Yes, but if host has a network mask, it will know what's considered on its own network vs. not its own network. (Keep in mind, networks not the host's might still be on/within the same L2 broadcast domain, so for those on the same L2 broadcast domain, ARPing works fine, no proxy router needed, and if proxy router, ARPing works for non host network physically within same L2 broadcast domain, and those "beyond" the proxy router.)" - Can you please explain this? Do you mean that different networks still can be in one L2 broadcast domain? And this part please "and if proxy router, ARPing works for non host network physically within same L2 broadcast domain, and those "beyond" the proxy router."

@Joseph W. Doherty  Honestly, I don't think there is any valid reason to put different network in one L2 broadcast domain. Is there any valid reason for that?

" Honestly, I don't think there is any valid reason to put different network in one L2 broadcast domain. Is there any valid reason for that?"

Honestly, there is a valid reason.  ; )

Normally it's not done, except in the case of transitioning from one network prefix to another, e.g. moving a /27 to a /26 (or larger).

Multiple networks in the same L2 domain would be dealt with, on the same interface, by using secondary addressing.

@mlund  Thank you for reply. And really appreciated that you liked my test.

I did already port swapping. Initially I configured ports Gig0/0 & Gig0/1 and Router was always picking Gig0/0 and I also thought that it will always pick the lowest number. Then I configured Gig0/2 and disabled Gig0/0. And Router started to send ARPs out of Gig0/2, not out of the current lowest active port which is Gig0/1. So, it looks like Cisco IOS has different logic. I'll check regarding higher IP address and let you know.