Question about switch operation..
An ARP request is a broadcast, and now you have two different broadcast domains. You are thinking based on wrong assumptions, so you can't solve the problem until you revisit your assumptions.
sose
Network Engineer
analysethis.co/index.php/forum/index
Second, when PC1 ARPs for the MAC address of 192.168.2.1 it will not get a response, and same thing goes for PC2.
Sorry S0lo, minor correction here. It doesn't quite make sense. PC1 would never ARP for the MAC address of 192.168.2.1 as it's on a different subnet (technically, if it could do this process then you would get a reply, as the switch is working at Layer 2 and ARP is working at Layer 2).
If we take it to Layer 3 and work with the IP addresses, the process is to first determine if you are on the same local subnet or not. If you are not on the same subnet then you will ARP for the default gateway (or if there is a more specific route then it would go wherever that is pointing) and then send all traffic there. If it is on the local segment, then it will do the ARP process (unless it's already in cache) to get the MAC address and then it can communicate at the Data Link layer using the MAC addresses.
The process for determining if the machine is local or not is just by doing an AND process using the subnet mask on both addresses;
e.g. 10.0.0.1/24 talking to 10.0.1.1/24, different subnets; the following maths shows this:
IP Src  = 00001010.00000000.00000000.00000001
Mask    = 11111111.11111111.11111111.00000000
AND     = 00001010.00000000.00000000.00000000
IP Dest = 00001010.00000000.00000001.00000001
Mask    = 11111111.11111111.11111111.00000000
AND     = 00001010.00000000.00000001.00000000
If you look at both AND results, they are different, which means that they are on different subnets and therefore the traffic is sent to a router (which is why the ARP would then only go for the router's IP/MAC).
Hope it helps
TTFN
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Sorry Smurf, I had the same doubt at first but, when I tried it using a sniffer, it DOES ARP for the gateway although it's not on the same subnet. I know this sounds odd but I saw the ARP broadcasts sent for 192.168.2.1. Yes, you could get a reply this way, but that's only if the router exists. I was following on LooseEnd's proposal (in his second post) that there is no router involved.
Your description is neat by the way
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
lol, sorry fella, I had missed that the default gateways in the original post were the wrong way around; thought you were just trying to talk to another machine on the other network, doh....
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
So to rephrase my question: "I don't see any reason why 2 PCs connected via a switch that are in two different networks shouldn't be able to communicate without a Layer 3 device. Can anybody explain this?"
I know that the theory is that to do such communication a Layer 3 device is needed. But I can't accept the theory without an explanation.
Although OSI Layer 2 seems to work, Layer 3 operation isn't, so the communication (ping) will not work. I'd still wait for S0lo to reply, as he knows networking better than I do.
What do you mean by "Layer 3 operation isn't working"? It makes no sense to me.
Since the ARP is sent only through the switch, the switch will broadcast it to all its ports. A switch cannot distinguish between 2 different networks. (A switch is a Layer 2 device; IP networks are a Layer 3 concept.) Having two broadcast domains in a switch makes no difference.
I would like to put in my views:
Let's take an example:
PC A (10.1.1.1/24) --L2 switch--- PC B ( 20.1.1.1/24)
From PC A ping PC B
PC A will perform an ANDing operation of the destination address and its subnet mask. It judges that the IP address belongs to a different network, hence its job is to ARP for the default gateway. But when you haven't mentioned a default gateway, there is no ARP sent for PC B, hence no communication is possible.
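The subnet AND check from Wayne's binary example and the PC A / PC B walkthrough above, as an added Python model (not code from any poster): the sender ANDs both addresses with its mask, ARPs for the destination if local and for the gateway if remote, sends nothing when no gateway is configured, and the switch floods any ARP it does send to every port, where only the host that owns the target IP answers. The MAC addresses and the 10.1.1.254 gateway are constructed values.

```python
import ipaddress

def dotted_binary(value):
    """Render a 32-bit value the way the thread writes it: 8 bits per octet, dot-separated."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix_len):
    """/24 -> 0xFFFFFF00."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def same_subnet(src, dst, prefix_len):
    """AND both addresses with the sender's mask; equal results mean 'local'."""
    mask = prefix_to_mask(prefix_len)
    src_net = int(ipaddress.IPv4Address(src)) & mask
    dst_net = int(ipaddress.IPv4Address(dst)) & mask
    return src_net == dst_net

def arp_target(src, prefix_len, dst, gateway=None):
    """IP the sender ARPs for: the destination if local, otherwise the default gateway.
    Returns None when the destination is remote and no gateway is set (no ARP is sent)."""
    if same_subnet(src, dst, prefix_len):
        return dst
    return gateway

def switch_flood_arp(hosts, target_ip):
    """A Layer 2 switch floods the ARP broadcast out every port regardless of IP subnet;
    only a host that actually owns target_ip answers with its MAC."""
    return [mac for ip, mac in hosts.items() if ip == target_ip]

# Constructed topology from the thread: PC A and PC B on one switch, no router present.
HOSTS = {"10.1.1.1": "aa:aa:aa:aa:aa:01", "20.1.1.1": "bb:bb:bb:bb:bb:01"}

def ping_setup(src, prefix_len, dst, gateway, hosts):
    """First step of a ping: (IP that gets ARPed for, MAC replies heard on the wire)."""
    target = arp_target(src, prefix_len, dst, gateway)
    if target is None:
        return None, []
    return target, switch_flood_arp(hosts, target)

if __name__ == "__main__":
    for ip in ("10.0.0.1", "10.0.1.1"):
        n = int(ipaddress.IPv4Address(ip))
        print(ip, dotted_binary(n), "AND", dotted_binary(n & prefix_to_mask(24)))
    print(ping_setup("10.1.1.1", 24, "20.1.1.1", None, HOSTS))          # no gateway: no ARP
    print(ping_setup("10.1.1.1", 24, "20.1.1.1", "10.1.1.254", HOSTS))  # ARP flooded, no router
    print(ping_setup("10.1.1.1", 24, "20.1.1.1", "20.1.1.1", HOSTS))    # gateway set to PC B
```

The last call reproduces the sniffer observation in the thread: with the gateway pointed at the other PC's address, the ARP is flooded and PC B replies because the switch never looks at the subnet.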