
How does switch determine if the host IP is not in range of VLAN?

royavi5302
Level 1

VLAN 10 (IP range 10.10.X.100 - 1.200)

F0/1,F0/2,F1/1,F1/2 --> Belongs to VLAN10 of L2 SW (all access ports)
HostA(10.10.X.110) -----> [F0/1] (SW) [F1/1] ----> Router

HostB(10.10.Y.300) -----> [F0/2] (SW)[F1/1] -----> Router

Imagine a situation where I have a switch with 4 ports (ingress & egress) that are part of VLAN 10 (access VLAN) and I have configured the IP range of VLAN 10 in the Router from 10.10.X.100 - 1.200. HostA is part of that IP range and VLAN 10.

Again, I connect another host, HostB, to an interface of SW that belongs to VLAN 10 (access) but configure the host IP out of the range of VLAN 10 (10.10.Y.300).
Currently, SW knows the MAC address of HostA. Now if HostB tries to Ping HostA, as we know that L2 SW only understands MAC address, will it forward the packet to the interface connected to HostA (F0/1)? or it will drop the packet as the IP is not part of VLAN10? 

Accepted Solution

@liviu.gheorghe makes a valid point that while the range of 100 to 200 makes sense to humans it is not an effective range for IP addressing. But the OP asks a very valid question (if we ignore the part about the specific range of addresses). And there is an easy answer to the question: If the switch is a layer 2 switch it does not care about IP ranges (which are used at layer 3 not layer 2). A layer 2 switch forwards based on mac address and on vlan membership. So if both hosts are in the same vlan the layer 2 switch will forward traffic between the two hosts and does not care whether the IP addresses are in the same range or not.

The layer 2 switch will forward the traffic. Whether IP communication is successful or not depends on the OS of the hosts, and on how the hosts are configured. If the hosts are configured with IP addresses and masks that mean that host2 is not in the subnet range of host1 I have seen situations where the communication is successful and I have seen situations where communication fails. But that decision is made by devices that process layer 3 and not made by a layer 2 switch.

HTH

Rick
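The two separate decisions described in this answer, as an added example that is not part of the original thread: a toy learning switch that forwards on VLAN and MAC only, next to the host-side check that picks which IP to ARP for. The /24 masks, the 10.10.1.x and 10.10.2.x addresses standing in for X and Y, the MAC addresses and the extra VLAN 20 port F0/3 are all assumptions.

```python
import ipaddress

class L2Switch:
    """Learning switch whose only forwarding state is (VLAN, MAC) -> port."""

    def __init__(self, port_vlan):
        self.port_vlan = port_vlan      # access port -> VLAN id
        self.mac_table = {}             # (vlan, mac) -> port

    def forward(self, in_port, src_mac, dst_mac):
        """Return the egress ports for one frame; no IP field is consulted."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port       # learn the source MAC
        out = self.mac_table.get((vlan, dst_mac))
        if out is None:                 # broadcast or unknown MAC: flood the VLAN
            return sorted(p for p, v in self.port_vlan.items()
                          if v == vlan and p != in_port)
        return [] if out == in_port else [out]

def arp_target(host_cidr, dst_ip, gateway=None):
    """Host-side layer 3 decision: the IP the host must resolve by ARP first."""
    net = ipaddress.ip_interface(host_cidr).network
    dst = ipaddress.ip_address(dst_ip)
    if dst in net:
        return str(dst)                 # on-link: ARP for the destination itself
    return gateway                      # off-link: ARP for the gateway (None = no route)

# Constructed values: 10.10.1.x / 10.10.2.x stand in for the thread's X and Y,
# F0/3 in VLAN 20 is a hypothetical extra port, and the MACs are made up.
PORTS = {"F0/1": 10, "F0/2": 10, "F1/1": 10, "F1/2": 10, "F0/3": 20}
MAC_A, MAC_B, BROADCAST = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb", "ff:ff:ff:ff:ff:ff"

def demo():
    sw = L2Switch(PORTS)
    return {
        "hostA_broadcast": sw.forward("F0/1", MAC_A, BROADCAST),
        "hostB_to_hostA": sw.forward("F0/2", MAC_B, MAC_A),
        "hostB_arp_no_gw": arp_target("10.10.2.30/24", "10.10.1.110"),
        "hostB_arp_with_gw": arp_target("10.10.2.30/24", "10.10.1.110", "10.10.2.1"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The switch delivers HostB's frame to F0/1 regardless of HostB's address; the only boundary it enforces is the VLAN, which is why F0/3 never appears in the flood list.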


9 Replies

Joseph W. Doherty
Hall of Fame

It depends whether your hosts have a gateway address configured and also whether router is configured for proxy.

Let's assume there is no proxy and the host has a gateway. But there is no inter-VLAN communication.

From HostB when I do ping 10.10.X.100 (I know it will fail), what switch will do at L2 level? 

SW is pure L2 and the router does inter-VLAN?

If yes, then the SW is only looking at MAC addresses and the PC cannot send the ping.

Because it stops at the ARP step; since there is no reply from the GW, host-B continues to send ARP without success.

You will not see this step when you do the ping; you will get a ping timeout.

But if you have a capture then it is easy to see it.

MHM

This lab is for you.
As I mentioned, a pure L2 switch (without IP routing and without an SVI) doesn't read the IP header of any packet/frame.
This lab explains ARP and ping.
It may be complicated to get the idea, so I did a lab.
R1: correct IP for the VLAN assigned in R3
R2: incorrect IP for the VLAN assigned in R3
In R3, VLAN 10 has IP 10.0.0.0/24 and VLAN 20 has IP 20.0.0.0/24.

You can see I ran debug ARP.
You can see the successful ping with the correct IP has no incomplete ARP; the ARP succeeded and the ping succeeded.
The unsuccessful ping with the incorrect IP has an incomplete ARP; the ARP failed and the ping failed.
And as I mentioned, if you don't run debug arp or show arp you cannot know whether ARP succeeded or not; you only get a failed ping.

NOTE: check the MAC address of 20.0.0.1; it is the same as the MAC of the GW, and that is totally correct and a healthy network.


"From HostB when I do ping 10.10.X.100 (I know it will fail), what switch will do at L2 level?"

Switch will process frames, as it should.  But what will host B do first?  It will ARP for its gateway, which you note it has, but what is it?  You haven't described it.

liviu.gheorghe
Spotlight

Again  I connect another host, HostB to an interface of SW that belongs to VLAN 10 (access) but configure the host IP out of the range of VLAN 10 (10.10.Y.300)


An observation - IPv4 addresses are 32 bits long and are represented by 4 octets separated by a period. Each octet value ranges from 0 to 255, so the address you mention, 10.10.Y.300, is not valid and couldn't be configured on a Cisco device interface.

I recommend you go through the following online courses which will help you understand the basics of networking, device configuration and IP addressing:

https://skillsforall.com/course/networking-basics?courseLang=en-US

https://skillsforall.com/course/networking-devices-and-initial-configuration?courseLang=en-US

https://skillsforall.com/course/network-addressing-and-basic-troubleshooting?courseLang=en-US

https://skillsforall.com/course/network-support-security?courseLang=en-US

Hope this helps.

Regards, LG
*** Please Rate All Helpful Responses ***

Ahh, that's a mistake. Typo I guess. It should've been Y.30. Sorry for the confusion.


Rick is exactly correct, L2 forwarding doesn't concern itself with L3. Which is why I wrote "Switch will process frames, as it should." Keyword is frames. But, generally communication between hosts doesn't start with frames, especially as OP defines different subnets. (BTW, if both hosts know of the other host's MAC, then they could intercommunicate at L2, being in the same VLAN.)

Rick further describes intercommunication, at L3, that sometimes works and sometimes doesn't, without, apparently, knowing the complete L3 setup. Well, there are some L3 configurations that should work and others that shouldn't. However, working or non-working can be due to bugs. Rick, again, is correct, result should depend on L3, not L2.
