Hi, Handsome,thanks!

let me ask you in this way:

suppose there is another host C attached to Switch A as well. Host C belongs to Vlan 200, again, Host A and B belongs to Vlan 100.

when host A tries to send a packet to C. when the packet arrives at switch A, what doest this switch do? it will certainly forward it to Router A. But how does it not forward directly to host C since it has Host C's Mac address in its table? this is the difference between a Vlaned network and a normal one. right?

thanks again.

When you implement VLANs, think of each VLAN as a separate switch (it is, logically). Each VLAN has it's own IP address range / block / subnet.

The host C sends a frame to host A or B using it's IP address. The host knows that host A or B is on a different IP network / subnet, so it sends the frame to the "Default Gateway" (after getting the MAC via ARP, if necessary).

The default gateway (router / L3 switch) receives the frame (because it was sent to his MAC address), removes the frame, and looks at the IP address in the packet (frame = L2, Packet = L3), and decides where to send it.

Since the router knows where the subnet is that the packet was addressed (it's directly attached in your example), it re-encapsulates the packet (the IP addresses remain the same) in a new frame with the destination MAC of host A or B.

If necessary, the router will ARP for Host A or B's MAC address (based on the IP address it saw when it looked at the packet).

The switch (if it's operating normally) won't forward the frame directly from Host C (on one network/subnet) to host A or B (on a different network/subnet) because the VLAN makes them appear as being attached to different switches.

And, to correct the other poster: If the switch gets a frame where the destination MAC is unknown, it doesn't "broadcast" the frame out all of the ports; it "Floods" it.

The difference is that a broadcast as a destination address of all ones (ff.ff.ff.ff.ff.ff), where a "flooded" frame retains the original sources and destination MAC.

If the frame was broadcast, all hosts would have to "look" at it, when it's flooded, only the intended recipient host should care about it.

FWIW

Scott

Scott,

Nice explanation! I especially like the difference between "broadcast" and "flood". To many times I've seen these terms used interchangeably.

Now where's that bookmark feature so I can refer back to this post?

Steve

Thanks, Scott,

I am not clear yet.

The hosts are involved in routing. A host must be able to differ another host "whether it is on the same Vlan as itself." what makes it know this? some kind of table?

thanks!

Hosts don't really know anything about routing.

They know their IP address, their network mask, and their Default Gateway. That's it.

Each VLAN must use a discreet network address (i.e., block of addresses, range of addresses, subnet)

When an application passes data down the stack, part of the information contained is "Where does this go?" (what's the destination IP address?).

The host looks at the destination address, then applies the network mask: The result shows whether the destination is on "my network" (local to the host's segment) or "off-network" (somewhere on the other side of a router).

If the address is "local" (in my broadcast domain / VLAN), the host encapsulates the IP Packet into a frame with the destination MAC of the (local) host.

If the destination is "remote," then the host encapsulate the IP packet into a frame with th e destination address of the "Default Gateway."

In either case, if the MAC is unknown, ARP will be used to (attempt to) map the correct MAC to the destination IP.

Anyway ... there are no tables, it's purely a matter of comparing the address-plus-netmask of the host (itself) against the address-plus-netmask of the destination. If the two are different, it uses the Default Gateway, if they're the same, it drops the packet into a frame and sends it on (ARPing, if necessary, for the MAC).

Gotta run ... I hope this helped.

Scott

Scotts are always great!

For router A in the original diagram, does it have every ip-mac pair(for every host in the entire network) in its Mac-address table?

thanks!

No, it wouldn't (necesarily).

Routers only care about Layer3 (as far as routing path goes). It handles the MACs for the attached networks just like any other host.

If it has talked to a host from an attached network within the (definable) timeout period, it'll have the IP-MAC pair in it's ARP cache / ARP Table.

If it hasn't, and the entry has aged out (and was dropped), it's the same as never having heard the address and it will ARP to get the MAC (just like any other host).

It's usually possible to establish some static ARP entries, but it's generally not done.

There are a bunch of other wrinkles (Proxy ARP, etc.) that modify the answer some ... but, within the context of your question, and to keep things (relatively) short & simple, this is typical operation.

Good Luck

Scott

thanks both of you

scott, I've read a book, which states "traffic within a Vlan does not need routing."

q1. is this statement right? if it is a fussy answer, ignor it as nonexistent.

Consider this topology which is similar to what we are talking about.

Host A---Switch A----Router A.....Router B----Switch B--host B.

...... means there might be many other routers.

Vlan 100 and 200 are attached to both swtiches.

host A and B belong to Vlan 100.

q2. Can Host A and B in different subnets(IP)?

q3. When host A sends a packet to host B, when the packet arrives at router A, what does the router suppose to do? only layer 2 actions?

thansk

Hi Han,

Good info by scot.

Yes and No both. If u hv switch A and switch B or more connected to a router, then the router would be having the mac-ip combinations of all hosts but if u have multiple routers connected in a big network then the routers between the network will be carrying only the other routers (remote destination's) ip-mac combination.

thanks both of you

scott, I've read a book, which states "traffic within a Vlan does not need routing."

q1. is this statement right? if it is a fussy answer, ignor it as nonexistent.

Consider this topology which is similar to what we are talking about.

Host A---Switch A----Router A.....Router B----Switch B--host B.

...... means there might be many other routers.

Vlan 100 and 200 are attached to both swtiches.

host A and B belong to Vlan 100.

q2. Can Host A and B in different subnets(IP)?

q3. When host A sends a packet to host B, when the packet arrives at router A, what does the router suppose to do? only layer 2 actions?

thansk

Can Host A and Host B be in different locations, with routers in the middle, be in the same VLAN, but have different IP addresses?

No. The definition of a VLAN is that it's a broadcast domain (an extended broadcast domain, in this case).

If you only had one switch with Host A and Host B connected, can they have addresses from different networks / subnets / address blocks?

No, for the same reason.In order for Host A and Host B to talk to each other inthe same broadcast domain, they have to be members of the same address block (subnet, network address).

In order for two hosts on different networks to talk to each other (via IP), you must have a layer three device (router, L3 Switch) in between to connect them.

Think of a VLAN as a Broadcast Domain, like a single switch (or hub), no matter what's in the middle ...

VLANs allow you to put Host B and Host A in different places and still talk on the same broadcast domain (using the same address block / network address / subnet).

Good Luck

Scott

Finally, it reminds me taht appearance is different from reality. lol.

thanks soctt, can i say this after all the informaion you provides:

a Vlan= a group of ip in a same block & the ip from this group can only be assigned to this Vlan?

certainly, you have to assign them to hosts.

thanks!