mizukaito
Beginner

Default GW is set as a different subnet but it works, WHY?

Thank you for all of your help.

I made my question simple.

When a router has multiple active subnets, hosts can ping with another subnet's GW address.

Please see the following image.

I made two types of structures.

The three success examples marked with a red square should NOT succeed due to the wrong GW address on those hosts.

But those PCs can ping each other.

I'd like to know why it works.

 

 

If you can not see the image, please see the attachment; gwquestion2.jpg.

If you need further information, please let me know.

Thanks

 

 

 

=== OLD IMAGE ===========================

Please look at the image on this email below.

There are four areas, 0, 11, 22 and 33.

In the area 33, PCs are configured with static IP addresses.

The PC named DOG is set as follows:

IP address: 192.168.33.20

Default GW: 192.168.1.1

This area is set as VLAN 33 at SW3.

The default GW is set on R1, and it's configured with encapsulation dot1q.

f0/0.11   192.168.1.1

f0/0.33   192.168.33.1

 

 

Other PCs are correctly configured and work.

The PC named CAT, in the same area, is configured as follows:

IP address: 192.168.33.10

Default GW: 192.168.33.1

And it works as well.

 

 

Is it possible to set a default GW of a different subnet on a host?

If so, is this configuration used in actual networking?

Is there any problem or concern with these settings?

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

There are some things about this environment that I do not understand. But almost certainly the reason why the PCs can ping each other has to do with proxy arp. With proxy arp enabled the Cisco router will respond to an arp for a "remote" address if the router has a route to the destination. If the PC default gateway is 192.168.1.1 and that is on a remote subnet and if the PC sends an arp looking for 192.168.1.1 then the router will respond to the arp request using the router's mac address as long as the router has a route to 192.168.1.1.

 

I have seen this used in production networks, though increasingly organizations are disabling proxy arp because they believe that it contributes to security weakness in their implementation.

 

HTH

 

Rick
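
The behaviour described in the answer above, as an added example that is not part of the original thread: a simplified Python model of the host's subnet check and the router's decision to answer an ARP request. The `Router` class and function names are hypothetical, the learned routes and PC0's address 192.168.2.10 are constructed, and the model is an assumption about the logic rather than IOS code.

```python
import ipaddress

def needs_gateway(host_ip, mask_len, dest_ip):
    """Host-side ANDing: True when dest is outside the host's own subnet."""
    net = ipaddress.ip_network(f"{host_ip}/{mask_len}", strict=False)
    return ipaddress.ip_address(dest_ip) not in net

class Router:
    """Simplified model (an assumption, not IOS code) of who answers an ARP."""
    def __init__(self, interfaces, learned_routes, proxy_arp=True):
        self.ifaces = {n: ipaddress.ip_interface(a) for n, a in interfaces.items()}
        self.routes = [ipaddress.ip_network(r) for r in learned_routes]
        self.proxy_arp = proxy_arp

    def answers_arp(self, in_iface, target_ip):
        target = ipaddress.ip_address(target_ip)
        local = self.ifaces[in_iface]
        if target == local.ip:
            return True            # normal ARP for the router's own address
        if not self.proxy_arp or target in local.network:
            return False           # proxy ARP off, or target is on the asker's segment
        other = [i.network for n, i in self.ifaces.items() if n != in_iface]
        return any(target in net for net in other + self.routes)

def first_hop_resolves(router, in_iface, host_ip, mask_len, gateway, dest_ip):
    """True when the host can get a MAC address to send the packet to."""
    if not needs_gateway(host_ip, mask_len, dest_ip):
        return True                # destination is on-link, gateway unused
    if not gateway:
        return False               # blank gateway: nowhere to send remote traffic
    return router.answers_arp(in_iface, gateway)

# R1 subinterfaces are from the thread; the learned routes and PC0's
# address 192.168.2.10 are constructed for this example.
R1_IFACES = {"f0/0.11": "192.168.1.1/24", "f0/0.33": "192.168.33.1/24"}
R1_ROUTES = ["192.168.2.0/24", "192.168.0.0/24"]

def dog_can_reach_pc0(gateway, proxy_arp):
    r1 = Router(R1_IFACES, R1_ROUTES, proxy_arp=proxy_arp)
    return first_hop_resolves(r1, "f0/0.33", "192.168.33.20", 24, gateway, "192.168.2.10")

if __name__ == "__main__":
    for gw in ("192.168.33.1", "192.168.1.1", "172.16.1.1", ""):
        for proxy in (True, False):
            print(f"gw={gw or '(blank)':<13} proxy_arp={proxy!s:<5} -> {dog_can_reach_pc0(gw, proxy)}")
```

With proxy ARP turned off in the model, only the correctly configured gateway 192.168.33.1 still resolves. On Cisco IOS the per-interface setting that corresponds to this is `no ip proxy-arp`.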


8 REPLIES 8
Robert Falconer
Beginner

What is the subnet mask on Dog? What vlan is the connected switchport on?

If you have a /16 mask, then 192.168.1.1 and 192.168.33.20 are on the same subnet. If Dog's switchport is in vlan 11, then this configuration would work.

Thank you for replying to me.

All masks are set /24.

 

DOG: 192.168.33.20/24 in VLAN 33

R1 f0/0.11: 192.168.1.1/24 for VLAN 11

R1 f0/0.33: 192.168.33.1/24 for VLAN 33

 

After asking this question, I found all hosts can work with default GW, 192.168.1.1/24.

Actually they can ping with any IP address as a default GW within the following ranges.

VLAN11: 192.168.1.0/24, Area 11(OSPF)  => Yellow area in the figure

VLAN33: 192.168.33.0/24, Area 33(OSPF) => Green area in the figure

Non-VLAN: 192.168.2.0/24, Area 22(OSPF) => Red area in the figure

BorderArea: 192.168.0.0/24, Area 0(OSPF) => Blue area in the figure

 

I tested from PC0 in the area 22 to DOG in the area 33.

Change several IP addresses as a default GW of PC0.

Only when the GW is left blank or set to an IP address out of the above ranges does pinging fail.

e.g. 172.16.1.1 => pinging is failed with this IP address as a GW.

 

I wonder about the structure; there are three routers connected in a circle.

Those are all set OSPF area 0.

192.168.1.1/24 and 192.168.33.1 are set on the R1.

192.168.2.1 is set on the R2.

 

If this structure is correct or a possible idea, it will be fine.

But if not, I'd like to know what is wrong...

If you need further information, please let me know.

 

Thank you

Hi,

Your gateway should belong to the same subnet as the host.

 

Regards

Karthik

Thank you for your reply.

Yes, the gateway should be on the same subnet as the host.

I mistakenly configured the wrong gateway.

But it can ping each other.

It should not work.

Then I posted this question.

I added simple examples.

If you have enough time, could you please see the new image?

Thank you for taking your time.

Is this a virtual environment you are using?

The gateway must be on the same subnet as the source host. There's a process a source host performs called 'anding' to determine if a destination is on the same subnet or a remote subnet. If the result of anding is that the destination is on a different subnet, the source host must send the traffic to the next hop for that destination, which is typically a default gateway on a PC (though it could also be a static route).

If the configurations you are providing for the PCs are correct, then there must be some issue with the virtual environment you're using. Gateways/Next hops must be on the same subnet as the host.


Thank you for taking your time.

Yes, I'm using a virtual environment, packet tracer.

IP address on that PC is correct but the default gateway is wrongly configured with another one in the different subnet.

Ping should fail but it can successfully ping to another PC in the different subnet.

That's problem...

Thank you again to respond to my question.

mizukaito
Beginner

Thank you for giving your advice.

I think your answer makes sense for me.

As you mention, only when the wrong default gateway exists in remote site, ping can be successfully routed to another subnet.

I also found something in my textbook.

It says that some cache can be related to route.

I think it is about proxy ARP.

On the Packet Tracer, I don't know how to disable ARP but I found some articles about it.

Thank you for taking your time and sharing your precious experience about production networks. That is also the one that I wanted to know.