Skip to main content

Question about switch operation..

More
15 years 6 months ago #30386 by sose
by assigning two different IPs of different subnet, you have succeeded in compactmentalising the the network(LAN). now the two people in this case your PC in the house are placed in two different sound proof rooms : they cant hear each other.

ARP request is a broadcast and now you have two different broadcast domain. you are thinking base on wrong assumptions so you cant solve the problem untill you revisit your assumptions

sose
More
15 years 6 months ago #30395 by Smurf

Second, when PC1 ARPs for the MAC address of 192.168.2.1 it will not get a response, and same thing goes for PC2.


Sorry S0lo, minor correction here. It doesn't quite make sense. PC1 would never ARP for the MAC address of 192.168.2.1 as its on a different subnet (technically, if it could do this process then you would get a reply as the switch is working at Layer2, ARP is working at layer two)

If we take it to layer 3 and work with the IP Addresses, the process is to first determine if you are on the same local subnet or not. If you are not on the same subnet then you will ARP for the Default Gateway (or if there is a more specific route then it would go wherever that is pointing) and then send all traffic there. If it is on the local segment, then it will do the ARP process (unless its already in cache) to get the Mac Address and then it can communicate at the Data Link layer using the MAC addresses.

The process for determining if the machine is local or not is just by doing an AND process using the subnet on both addresses;

e.g. 10.0.0.1/24 talking to 10.0.1.1/24, different subnets, the following maths shows this;

IP Src = 00001010.00000000.00000000.00000001
Mask = 11111111.11111111.11111111.00000000
AND = 00001010.00000000.00000000.00000000

IP Dest = 00001010.00000000.00000001.00000001
Mask = 11111111.11111111.11111111.00000000
AND = 00001010.00000000.00000001.00000000

If you look at both AND results, there are different which means that they are on different subnets and therefore the traffic is sent to a router (which is why the ARP would then only go for the routers IP/MAC).

Hope it helps

TTFN

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
More
15 years 6 months ago #30405 by S0lo

Sorry S0lo, minor correction here. It doesn't quite make sense. PC1 would never ARP for the MAC address of 192.168.2.1 as its on a different subnet (technically, if it could do this process then you would get a reply as the switch is working at Layer2, ARP is working at layer two)


Sorry Smurf, I had the same doubt at first but, when I tried it using a sniffer, it DOES ARP for the gateway although it's not on the same subnet. I know this sounds odd but I saw the ARP broadcasts sent for 192.168.2.1. Yes you could get a reply this way, but thats only if the router exists, I was following on LooseEnd's proposal (in his second post) that there is no router involved.

Your description is neat by the way ;)

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
More
15 years 6 months ago #30406 by Smurf

Sorry S0lo, minor correction here. It doesn't quite make sense. PC1 would never ARP for the MAC address of 192.168.2.1 as its on a different subnet (technically, if it could do this process then you would get a reply as the switch is working at Layer2, ARP is working at layer two)


Sorry Smurf, I had the same doubt at first but, when I tried it using a sniffer, it DOES ARP for the gateway although it's not on the same subnet. I know this sounds odd but I saw the ARP broadcasts sent for 192.168.2.1. Yes you could get a reply this way, but thats only if the router exists, I was following on LooseEnd's proposal (in his second post) that there is no router involved.

Your description is neat by the way ;)


lol, sorry fella i had missed that the default gateways in the original post where the wrong way around, thought you were just trying to talk to another machine on the other network, doh....

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
More
15 years 6 months ago #30410 by LooseEnd
Thank you for your replies. However I dont see any direct logical answer to my question.

So to rephrase my question, " I dont see any reason why 2 PCs connected via a switch that are in two different networks shouldn't be able to communicate without a layer 3 device. Can anybody explain this?"

I know that the theory is that to do such communication a layer 3 device is needed. But I cant accept the theory without an explanation.

Although OSI layer 2 seems to work, layer 3 operation isn't so the communication (ping) will not work. I'd still wait for S0lo to replies as he knows networking better than I do.


What do you mean by layer 3 operation isnt working? It makes no sense to me.


ARP request is a broadcast and now you have two different broadcast domain. you are thinking base on wrong assumptions so you cant solve the problem untill you revisit your assumptions


Since the ARP is sent only through the switch,switch will broadcast it to all its ports. A switch cannot distinguish between 2 different networks. (Switch is a layer 2 device, IP networks is a layer 3 concept). Having two broadcast domains in a switch makes no difference.
More
15 years 5 months ago #30438 by emperorz
Hi,
I would like to put in my views:
Lets take an example

PC A (10.1.1.1/24) --L2 switch--- PC B ( 20.1.1.1/24)

From PC A ping PC B

PC A will perform an anding operation of the destination address and its subnetmask, it judges that the ip address belongs to a different network, hence its job is to arp for the default gateway, but when you havent mentioned a default gateway, there is no arp sent for PC B , hence no communication is possible.
Time to create page: 0.139 seconds