10-30-2013 10:41 AM - edited 03-07-2019 04:20 PM
I am pretty new to the concept of VLANs so forgive me if my terminology is a bit flawed.
I have a question regarding IP-subnet VLAN classification. Basically, how do IP Subnet VLAN Classifiers work with ARPs? I assume an IP subnet VLAN classifier matches only IP packets, i.e., it doesn't match ARPs. So how does one ensure ARP traffic is classified into the correct subnet VLAN, especially in a routing situation? Maybe you could use the destination IP in the ARP; however, what if the IP address in an ARP is just a next hop and not the final destination? So is there such a thing as an "ARP Classifier" available to configure?
Sorry for the flurry of questions. Essentially what I want to know is how do IP Subnet VLAN Classifiers work with ARPs?
Thanks
10-30-2013 06:39 PM
A vlan is a layer 2 concept, not a layer 3. Typically, a vlan will also define a layer 2 broadcast domain. An ARP is an attempt to resolve a layer 2 address (a MAC) given a layer 3 address (an IP address). Layer 2 information isn't transmitted across layer 3 boundaries. So, when a device is attempting to transmit data to another device using an IP address, an ARP isn't even needed if the receiving device is in another subnet. The transmitting device will ARP for the MAC address of the router. The router will then route the packet to the router interface of the destination device, and then ARP to determine the layer 2 destination address to write in the Ethernet frame.
10-31-2013 11:54 AM
Thank you for the response. I'm still a bit confused.
Going back to your response, in the case of a transmitting device ARP'ing for the MAC address of the router, let's say that device is first ARP'ing through an access port on a bridge. That ARP gets tagged with a VLAN id and maybe there is a trunked port to a router eventually. I guess I am wondering how ingress rules would play out (on the bridge) as far as determining a VLAN for ARPs and determining a VLAN for the IP traffic which depends on those ARPs.
For IP traffic I'd like to set up multiple subnet-based VLAN Classifiers attached to an access port on a bridge, for example. However, I am not sure (conceptually) how to treat the ARPs going over that same access port. In your response, are you saying that ARPs don't need to get tagged (if so why) or that if they do get tagged, their tag wouldn't necessarily have to be the same PVID used by a subnet-based VLAN classifier for IP traffic (if so why)?
My apologies if I am not making sense here.
Thank you for your time.
- Casey
10-31-2013 08:09 PM
You don't "treat" the ARPs at all. An access port will have an assigned vlan. A single assigned vlan. All traffic arriving on that port will be tagged with a vlan id, ARP requests and everything else.
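The behavior described in the reply above, as an added example (not part of the original thread and not Cisco code): an access port with one assigned VLAN inserts the same 802.1Q tag into every untagged frame, whatever its EtherType. The MAC addresses, IP addresses, VLAN 10 and function names are constructed for illustration.

```python
import socket
import struct

TPID_8021Q = 0x8100                      # EtherType value that marks an 802.1Q tag
NAMES = {0x0800: "IPv4", 0x0806: "ARP"}

def tag_on_ingress(frame: bytes, pvid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag carrying the port's VLAN into an untagged frame."""
    if not 1 <= pvid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        raise ValueError("this sketch only handles untagged ingress")
    tci = (pcp << 13) | pvid             # PCP (3 bits) | DEI=0 (1 bit) | VID (12 bits)
    # The tag goes between the source MAC and the original EtherType.
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def describe(tagged: bytes):
    """Return (VLAN ID, inner protocol name) of a tagged frame."""
    tpid, tci, inner = struct.unpack("!HHH", tagged[12:18])
    if tpid != TPID_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    return tci & 0x0FFF, NAMES.get(inner, hex(inner))

# Constructed sample frames (locally administered MACs, documentation IPs).
HOST, ROUTER = bytes.fromhex("020000000001"), bytes.fromhex("0200000000fe")

def arp_request(sha: bytes, spa: str, tpa: str) -> bytes:
    body = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha +
            socket.inet_aton(spa) + b"\x00" * 6 + socket.inet_aton(tpa))
    return b"\xff" * 6 + sha + struct.pack("!H", 0x0806) + body

def ipv4_frame(src_mac: bytes, dst_mac: bytes, src_ip: str, dst_ip: str) -> bytes:
    # Header-only packet with a zero checksum; enough to show the tagging.
    hdr = (struct.pack("!BBHHHBBH", 0x45, 0, 20, 0, 0, 64, 17, 0) +
           socket.inet_aton(src_ip) + socket.inet_aton(dst_ip))
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + hdr

def demo(pvid: int = 10):
    frames = [arp_request(HOST, "192.0.2.10", "192.0.2.1"),            # ARP for the router
              ipv4_frame(HOST, ROUTER, "192.0.2.10", "198.51.100.7")]  # routed IP packet
    return [describe(tag_on_ingress(f, pvid)) for f in frames]

if __name__ == "__main__":
    print(demo())
```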
11-01-2013 11:49 AM
Hi Jeff,
Thanks for the response. One last question. I am looking for a CISCO router/switch that allows one to set up VLAN Classifiers i.e., subnet-based or possibly protocol-based classifiers so ingressing traffic over an access port can get mapped to a VLAN based on, for example, the traffic IP subnet found in the IP header. It seems like what I've seen so far are port-based configurations for mapping streams to VLANs. Would you happen to know a product line that allows for the configuration of subnet-based VLAN classifiers?
Thank You Jeff.
- Casey