L2 Switch not talking to Default Gateway

nothimagain

So here's my setup. I have my switch configured with an ip default gateway of 192.10.10.1 . I also have 3 VLANs configured on it as well . Vlan 10- 192.10.10.2 /24 Vlan 20- 192.10.20.2 /24 Vlan 30- 192.10.30.2 /24 My router is configured with 3 subinterfaces fa0/0.10= 192.10.10.1 fa0/0.20= 192.10.20.1 fa0/0.30= 192.10.30.1 all the sub interfaces have encapsulation dot1q and the correct VLAN assigned to it. the actual interface fa0/0 has no IP address and is up/up. now my question is when I ping the switch VLAN interface 192.10.20.2 from a host that has the IP address 192.10.30.10 , I expect to time-out on my ping but for whatever reason I still get a good ICMP message back. why is that? if the switch tries to reply back to my host using its source vlan interface address 192.10.20.2 , shouldn't the packet be dropped when the Router receives the packet because the default gate way is not in the same subnet. I noticed when I looked on packet tracer , the switch was sending the packet to the Routers fa0/0.20 interface instead of the default gateway interface fa0/0.10 . I've been troubleshooting this for about an hour or so and still can't figure out why unless packet tracer isn't working properly.

MAC_Addy

Can you paste the configs on here or perhaps the packet tracer file?

nothimagain

I can't I have it set up on a personal laptop. im posting through my work PC , cant connect my laptop to any network anytime soon , im on deployment.

MAC_Addy

To better answer your question, it should work since you have everything setup (I think) correctly. To stop communication between VLANs you'll have to create an ACL to stop that.

nothimagain

the thing is it shouldn't work... if im sending my packet to the switch's vlan 20 interface , the switch shouldn't be able to talk back to me because if it tries to send the packet to it's default gateway, the router will notice they are not in the same subnet and then drop the packet. the same reason why your PC wouldn't work if its ip address was 200.10.10.5 /24 , but you put the default gateway is 205.10.20.1 /24. the source IP needs to be on the same subnet of the default gateway.

networker050184

The router doesn't drop stuff because it's in a different subnet. It routes it. That's it's job!

p@r0tuXus

Unless you have ACL's setup to stop that communication, though, wouldn't the router be able to direct traffic from the Switch's default gateway (an interface on the router) to the correct VLAN and just the same on the packets return journey to your source host? I can see that working fine. What threw me was you mentioned in packet-tracer that you saw the switch forwarding the packet to the router's 0/0.20 sub-interface instead of 0/0.10. The only reason I can think of this happening is a glitch or maybe you should try clearing the ARP table on the switch.

nothimagain

it should drop it though. example: if interface fa0/0 has an ip address of 10.10.10.2 /24 and its also directly connected to Router1's sub interface 10.10.20.1 /24 , shouldn't router 1 drop any ARP messages from interface fa0/0 because they are not in the same subnet.

p@r0tuXus

http://serverfault.com/questions/397350/what-happens-when-arp-request-comes-from-a-different-subnet
^ I found a good link with topic on this subject specifically because this question did interest me...


Answer is good and the second most liked answer was good also (and interesting). The way I was looking at it was, the arp-table on the switch was re-routing the traffic out a known used port because of prior testing. Clearing that table and starting your test from scratch would have forced it to send it out the proper port to the router which would have sent it on to the right interface anyway, since your router is handling all VLAN traffic. Of course, without your ACL's to stop it, it seemed like it should work to me.