  1. Junior Member Registered Member
    Join Date
    Aug 2017
    Posts
    1
    #1

    VLANs layer 3 switch question

    I have 2 PCs connected to a layer 3 switch. First PC in VLAN 5 and second PC in VLAN 10. The default gateways for these PCs are the VLAN interfaces on the layer 3 switch. I did not configure any inter-VLAN routing, I don't even have ip routing enabled on the layer 3 switch. My question is this. I can ping from PC VLAN 5 to its default gateway on the switch, but I can also ping the default gateway of the other VLAN (10). I cannot ping the PC in VLAN 10, obviously. Why am I able to ping from PC5 the default gateway of a totally different VLAN? I thought I needed routing to do that. I'm really confused. As I said, I don't have ip routing enabled on the switch.


  3. Junior Member networkfuzz's Avatar
    Join Date
    May 2017
    Posts
    13

    Certifications
    CCENT
    #2
    Can you paste the running-config here?

  4. Junior Member
    Join Date
    Aug 2017
    Posts
    19
    #3
    If IP routing is OFF on the switch, then it behaves like a normal host, which means you won't be able to get past your local network from any of the PCs. If routing was ON, then the switch would move the frame between the SVIs and the ping would succeed.

  5. Junior Member
    Join Date
    Aug 2017
    Posts
    19
    #4
    I just noticed you said you can do it - are you sure there is no "ip default-gateway" command in place and "no ip routing" shows up in the config? If you say "no" to both, it may be a bug on your virtual switch.

  6. Junior Member
    Join Date
    Aug 2017
    Posts
    10

    Certifications
    CCNA Security & Voice, CCNP R/S
    #5
    This was simple enough to lab and I had never really thought about this nor tried it until now.

    I duplicated your topology and achieved the same results on a 3560; ip routing was disabled and a default gateway had not been set.

    Switch#show ip route
    Default gateway is not set

    Host Gateway Last Use Total Uses Interface
    ICMP redirect cache is empty


    Playing with this ended up being a reminder of what the purpose of an SVI is: to assign an entire VLAN on a switch to a logical Layer 3 IP address, to assist with the routing of traffic in and out of a VLAN.

    Since it's layer 3, and references every device/port within the VLAN, some additional processing would be needed to determine which specific device the traffic is intended for and if it's allowed (i.e. routing/encapsulation/decapsulation). When the host first pings the other SVI default gateway, the switch sends the traffic to its own default gateway. From there, the switch recognizes it knows how to get to the other subnet since an SVI is assigned to it, so it responds back.


    How I'm thinking about this now is, a ping to the gateway address is a knock on the front door; no determination is being made to allow the traffic through the door. The door was merely found, which on the other side are devices in that subnet. Only when the traffic actually goes through the door are IDs (VLANs) checked.

    In this scenario, our ping is actually only asking if the door exists.

  7. Junior Member
    Join Date
    Jan 2013
    Location
    NJ, USA
    Posts
    21

    Certifications
    CompTIA A+, Net+, CCENT
    #6
    My understanding is that an SVI is just a logical VLAN interface and does not mean it is a member of the VLAN int #. Which is why the switch can ping all its SVIs no matter what VLAN you intended them to be for. The traffic is not getting blocked until it hits the switchport facing the VLAN 10 PC.

  8. Junior Member
    Join Date
    Aug 2017
    Posts
    10

    Certifications
    CCNA Security & Voice, CCNP R/S
    #7
    Putting aside the VLAN membership issue, what I found additionally surprising is the fact that the switch has no problems with the fact the gateway is in a different subnet.

    As a test, I created another SVI, 192.168.1.1, and both PCs could ping that. They could also ping a routed port's IP address.

    It does make sense that the switch knows how to get to any logical interface, since the destinations are itself.
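
The behaviour reported in posts #5 to #7, as an added example that is not part of the thread and not Cisco's implementation: a simplified Python model of how a switch with ip routing disabled treats an ICMP echo that a PC hands to its gateway. The class and method names, the 10.0.x.x addressing and the VLAN number for the 192.168.1.1 SVI are assumptions.

```python
from ipaddress import ip_address, ip_interface

class L3Switch:
    """Simplified model of the receive path the thread describes (not Cisco's code)."""

    def __init__(self, svis, ip_routing=False):
        # svis: {vlan_id: "address/prefix"}, one logical L3 interface per VLAN
        self.svis = {vlan: ip_interface(addr) for vlan, addr in svis.items()}
        self.ip_routing = ip_routing

    def handle_echo(self, ingress_vlan, dst):
        """Decide what happens to an ICMP echo sent to the switch's own MAC."""
        if ingress_vlan not in self.svis:
            return "drop: no L3 interface in ingress VLAN"
        dst = ip_address(dst)
        # Local delivery: the destination is one of the switch's own addresses.
        # Which SVI owns it, and whether routing is on, does not matter.
        for vlan, iface in self.svis.items():
            if dst == iface.ip:
                return f"reply: local address (SVI {vlan})"
        # Anything else is transit traffic and needs the routing function.
        if not self.ip_routing:
            return "drop: transit traffic, ip routing disabled"
        for vlan, iface in self.svis.items():
            if dst in iface.network:
                return f"forward: connected route via VLAN {vlan}"
        return "drop: no route"

    def own_addresses_answering(self, ingress_vlan):
        """Switch-owned addresses that reply to a host in ingress_vlan."""
        return sorted(str(i.ip) for i in self.svis.values()
                      if self.handle_echo(ingress_vlan, str(i.ip)).startswith("reply"))

# Constructed addressing: the thread gives only VLANs 5 and 10 and the address
# 192.168.1.1; the subnets and VLAN 99 are assumed for this example.
SVIS = {5: "10.0.5.1/24", 10: "10.0.10.1/24", 99: "192.168.1.1/24"}

if __name__ == "__main__":
    sw = L3Switch(SVIS, ip_routing=False)
    for target in ("10.0.5.1", "10.0.10.1", "192.168.1.1", "10.0.10.20"):
        print(f"PC in VLAN 5 -> {target}: {sw.handle_echo(5, target)}")
```

In this model every switch-owned address answers from any VLAN that has an SVI, so leaving ip routing off isolates the hosts from each other but not the switch's own interfaces.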
