06-24-2014 06:08 AM - edited 03-07-2019 07:49 PM
Thank you for all of your help.
I made my question simple.
When a router has multiple active subnets, hosts can ping with another subnet's GW address.
Please see the following image.
I made two types of structures.
The three successful examples marked with a red square should NOT succeed because of the wrong GW address on those hosts.
But those PCs can ping each other.
I'd like to know why it works.
If you can not see the image, please see the attachment; gwquestion2.jpg.
If you need further information, please let me know.
Thanks
=== OLD IMAGE ===========================
Please look at the image on this email below.
There are four areas, 0, 11, 22 and 33.
In the area 33, PCs are configured with static IP addresses.
The PC named DOG is set as follows:
IP address: 192.168.33.20
Default GW: 192.168.1.1
This area is set as VLAN 33 at SW3.
The default GW is set on R1, which is configured with encapsulation dot1q.
f0/0.11 192.168.1.1
f0/0.33 192.168.33.1
Other PCs are correctly configured and work.
The PC named CAT, in the same area, is configured as follows:
IP address: 192.168.33.10
Default GW: 192.168.33.1
And it works as well.
Is it possible to set a default GW of a different subnet on a host?
If so, is this configuration used in actual networking?
Are there any problems or concerns with this setting?
07-19-2014 01:19 PM
There are some things about this environment that I do not understand. But almost certainly the reason why the PCs can ping each other has to do with proxy arp. With proxy arp enabled the Cisco router will respond to an arp for a "remote" address if the router has a route to the destination. If the PC default gateway is 192.168.1.1 and that is on a remote subnet and if the PC sends an arp looking for 192.168.1.1 then the router will respond to the arp request using the router's mac address as long as the router has a route to 192.168.1.1.
I have seen this used in production networks, though increasingly organizations are disabling proxy arp because they believe that it contributes to security weakness in their implementation.
HTH
Rick
06-24-2014 02:45 PM
What is the subnet mask on Dog? What vlan is the connected switchport on?
If you have a /16 mask, then 192.168.1.1 and 192.168.33.20 are on the same subnet. If Dog's switchport is in vlan 11, then this configuration would work.
06-24-2014 05:02 PM
Thank you for replying to me.
All masks are set /24.
DOG: 192.168.33.20/24 in VLAN 33
R1 f0/0.11: 192.168.1.1/24 for VLAN 11
R1 f0/0.33: 192.168.33.1/24 for VLAN 33
After asking this question, I found all hosts can work with default GW, 192.168.1.1/24.
Actually they can ping with any IP address as a default GW within the following ranges.
VLAN11: 192.168.1.0/24, Area 11(OSPF) => Yellow area in the figure
VLAN33: 192.168.33.0/24, Area 33(OSPF) => Green area in the figure
Non-VLAN: 192.168.2.0/24, Area 22(OSPF) => Red area in the figure
BorderArea: 192.168.0.0/24, Area 0(OSPF) => Blue area in the figure
I tested from PC0 in the area 22 to DOG in the area 33.
I changed the default GW of PC0 to several IP addresses.
Only when the GW is blank or set to an IP address out of the above ranges does pinging fail.
e.g. 172.16.1.1 => pinging fails with this IP address as a GW.
I wonder about the structure; there are three routers connected in a circle.
Those are all set to OSPF area 0.
192.168.1.1/24 and 192.168.33.1 are set on the R1.
192.168.2.1 is set on the R2.
If this structure is correct or a possible idea, it will be fine.
But if not, I'd like to know what is wrong...
If you need further information, please let me know.
Thank you
06-24-2014 11:22 PM
Hi,
Your gateway should belong to the same subnet as the host.
Regards
Karthik
06-25-2014 05:58 AM
Thank you for your reply.
Yes, the gateway should be in the same subnet as the host.
I mistakenly configured the wrong gateway.
But they can ping each other.
It should not work.
Then I posted this question.
I added simple examples.
If you have enough time, could you please see the new image?
Thank you for taking your time.
06-25-2014 08:15 AM
Is this a virtual environment you are using?
The gateway must be on the same subnet as the source host. There's a process a source host performs called 'anding' to determine if a destination is on the same subnet or a remote subnet. If the result of anding is that the destination is on a different subnet, the source host must send the traffic to the next hop for that destination, which is typically a default gateway on a PC (though it could also be a static route).
If the configurations you are providing for the PCs are correct, then there must be some issue with the virtual environment you're using. Gateways/Next hops must be on the same subnet as the host.
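The 'anding' step described in the post above, combined with the proxy ARP behaviour described in the accepted answer, as an added example that is not part of any poster's message: a simplified Python model of DOG's next-hop choice and R1's ARP reply decision. The interface table, the destination 192.168.1.50, the function names, the restriction to connected routes, and the host ARPing directly for an off-subnet gateway are assumptions for illustration.

```python
import ipaddress

# Constructed model of R1 from the thread: interface -> (address/prefix, proxy ARP on?)
R1 = {
    "f0/0.11": (ipaddress.ip_interface("192.168.1.1/24"), True),
    "f0/0.33": (ipaddress.ip_interface("192.168.33.1/24"), True),
}

def host_arp_target(host_if, gateway, dst):
    """ANDing step: ARP directly for on-link destinations, else for the gateway."""
    dst = ipaddress.ip_address(dst)
    if dst in host_if.network:
        return dst
    # Assumption: the host ARPs for its gateway even when the gateway is
    # off-subnet (the behaviour the thread observes in Packet Tracer).
    return ipaddress.ip_address(gateway) if gateway else None

def router_answers_arp(router, in_if, target):
    """Simplified decision for an ARP request arriving on interface in_if."""
    if target is None:
        return False
    addr, proxy_arp = router[in_if]
    if target == addr.ip:
        return True   # ordinary ARP for the interface's own address
    if not proxy_arp or target in addr.network:
        return False  # proxy ARP off, or target is local to this segment
    # Proxy ARP: reply only if the target is reachable via another interface.
    return any(target in other.network
               for name, (other, _) in router.items() if name != in_if)

def can_leave_subnet(router, in_if, host, gateway, dst):
    """True if the router answers the ARP the host sends for an off-subnet dst."""
    target = host_arp_target(ipaddress.ip_interface(host), gateway, dst)
    return router_answers_arp(router, in_if, target)

def hardened(router):
    """Same router with proxy ARP disabled on every interface."""
    return {name: (addr, False) for name, (addr, _) in router.items()}

if __name__ == "__main__":
    dog = ("f0/0.33", "192.168.33.20/24")
    for gw in ("192.168.33.1", "192.168.1.1", "172.16.1.1", ""):
        print(repr(gw),
              can_leave_subnet(R1, *dog, gw, "192.168.1.50"),
              can_leave_subnet(hardened(R1), *dog, gw, "192.168.1.50"))
```

With proxy ARP disabled in the model, only the correctly configured gateway 192.168.33.1 still gets an ARP reply, so a mistyped gateway fails visibly instead of being silently masked.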
07-19-2014 09:01 PM
Thank you for taking your time.
Yes, I'm using a virtual environment, packet tracer.
The IP address on that PC is correct, but the default gateway is wrongly configured with one in a different subnet.
Ping should fail, but it can successfully ping another PC in a different subnet.
That's the problem...
Thank you again to respond to my question.
07-19-2014 09:14 PM
Thank you for giving your advice.
I think your answer makes sense to me.
As you mention, only when the wrong default gateway exists at a remote site can ping be successfully routed to another subnet.
I also found something in my textbook.
It says that some cache can be related to route.
I think it is about proxy ARP.
On the Packet Tracer, I don't know how to disable ARP but I found some articles about it.
Thank you for taking your time and sharing your precious experience about production networks. That is also the one that I wanted to know.