@Dale-Ackerman said in CCENT- DIrectly connected networks through router:
@Ronnie-Wong said in CCENT- DIrectly connected networks through router:
In the Accelerated CCENT course, episode on Easy Subnetting, time- 34:15
Ronnie, The information I refer to is in the Accelerated CCENT course, episode on Easy Subnetting, time- 34:15.
So, I was thinking that subnets, or VLANs, in and of themselves, would prevent others from connecting to them. But I got this wrong. If I'm not mistaken, subnets or VLANs merely separate them into broadcast domains. If connected directly to a router, there is no restriction on communicating from one subnet or VLAN to another. That restriction would come in the way of an ACL.
Do I have this right?
Thanks for your help.
All this can be clarified by looking to the almighty OSI model and understanding how a switch and router do their jobs.
Let's begin with the question of why 2 hosts in the same subnet do not need a router.
Look at this topology

PC1 sends a message to PC2. Let's look at the message PC1 sends:
Source IP 192.168.0.10
Source Mask 255.255.255.0
Source MAC AA:AA:AA:AA:AA:AA:AA:AA
Destination IP 192.168.0.20
Destination Mask 255.255.255.0
Destination MAC FF:FF:FF:FF:FF:FF:FF:FF <------- we have not gone through ARP to figure out the MAC
Because we have no clue where PC2 is at layer 2, the switch will flood this message to all ports until someone responds. Because PC2 is within our broadcast domain, he will get this message and respond. When PC1 receives this reply, he now knows PC2's MAC address. Also, PC2 knows PC1's MAC address from the original message he got.
Both PC1 and PC2 are now talking directly.
**What would have happened if PC1 and PC2 were in different subnets?**

OK, so PC1 would see that PC2 is not in its own subnet, so PC1 sends the message to PC2 via its default gateway. Through ARP we learned our own gateway's MAC, so we use that as the destination MAC but the destination IP of PC2.
So the message now looks like this:
Source IP 192.168.0.10
Source Mask 255.255.255.0
Source MAC AA:AA:AA:AA:AA:AA:AA:AA
Destination IP 192.168.128.20
Destination Mask 255.255.255.0
Destination MAC BB:BB:BB:BB:BB:BB:BB:BB <------ MAC of the router
The router then sees that this message is addressed to it at layer 2 but is addressed to 192.168.128.20 at layer 3. It uses ARP to find PC2 and then forwards this message to PC1. But it puts its own MAC as the Source MAC.
So now PC1 and PC2 are communicating through R1.
But what would happen if PC1 and PC2 were on different VLANs?
Good question. All of the above still happens, but the switch now adds a tag to the layer 2 frame. Remember, that is all a VLAN is: it's a tag on the layer 2 frame. The switch then uses this tag to determine if a frame is allowed or not allowed on an individual port.
Keeping the topology above, PC1 would send a message to PC2. This message would go through E0/1 because it is on VLAN1, then the router would put that message on E0/0, which is on VLAN2. The VLAN tags get stripped when exiting a switch on a non-trunk port.
Think about this: if PC1 (being on VLAN1) sends a layer 2 broadcast, only those in VLAN1 would get it because the VLAN2 ports wouldn't allow the broadcast through. This would also effectively block layer 3 broadcasts for the same reason: VLAN1 frames are not allowed on VLAN2 ports.
I hope all this clarifies and doesn't further confuse.
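Putting the same-subnet vs. different-subnet decision, the ARP/broadcast MAC step and the VLAN port check from the reply above into a small simulation (an added example of my own, not code from the post or from Cisco; the gateway address 192.168.0.1, the six-octet MACs and the `arp_cache` dictionary are assumed values):

```python
import ipaddress

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

def next_hop(src_ip, src_mask, dst_ip, gateway_ip):
    """Return the IP the sender must resolve with ARP: the destination itself
    when it sits inside the sender's subnet, otherwise the default gateway."""
    subnet = ipaddress.IPv4Network(f"{src_ip}/{src_mask}", strict=False)
    return dst_ip if ipaddress.IPv4Address(dst_ip) in subnet else gateway_ip

def build_frame(src_ip, src_mask, src_mac, dst_ip, gateway_ip, arp_cache):
    """Header fields a host puts on the wire for dst_ip.
    arp_cache maps already-resolved IPs to MACs; an unresolved next hop gives
    the broadcast MAC, the 'we have not gone through ARP yet' case above."""
    hop = next_hop(src_ip, src_mask, dst_ip, gateway_ip)
    return {
        "src_ip": src_ip, "dst_ip": dst_ip,          # layer 3 never changes
        "src_mac": src_mac, "dst_mac": arp_cache.get(hop, BROADCAST_MAC),
        "via_router": hop != dst_ip,
    }

def router_forward(frame, router_mac, arp_cache):
    """R1 rewrites only layer 2: its own MAC becomes the source, the MAC it
    ARPed for the destination IP becomes the destination."""
    out = dict(frame)
    out["src_mac"] = router_mac
    out["dst_mac"] = arp_cache.get(frame["dst_ip"], BROADCAST_MAC)
    return out

def switch_allows(frame_vlan, port_vlan):
    """Access-port check: a frame tagged VLAN X only leaves a VLAN X port,
    which is why a VLAN1 broadcast never reaches VLAN2 hosts."""
    return frame_vlan == port_vlan

# Constructed sample: PC1 on 192.168.0.0/24, gateway 192.168.0.1 (assumed),
# router MAC bb:.. as in the post (shortened to six octets).
PC1 = ("192.168.0.10", "255.255.255.0", "aa:aa:aa:aa:aa:aa")
GATEWAY = "192.168.0.1"
ARP = {"192.168.0.1": "bb:bb:bb:bb:bb:bb"}

if __name__ == "__main__":
    same = build_frame(*PC1, "192.168.0.20", GATEWAY, ARP)     # flooded, no router
    other = build_frame(*PC1, "192.168.128.20", GATEWAY, ARP)  # sent to R1's MAC
    print(same["dst_mac"], same["via_router"])
    print(other["dst_mac"], other["via_router"])
    print(switch_allows(1, 2))
```

Note that nothing in `next_hop` or `router_forward` refuses to forward between the two subnets; that refusal is exactly what an ACL on the router would add.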