Solved CCENT- DIrectly connected networks through router

---

Wow! I am going through the Accelerated CCENT course with Todd Lammie and it is awesome! I have enough ground work to keep up with him (although I do pause frequently to soak in what he might have said), but his teaching of subnetting- really opened my eyes. Great job.
Anyway, Apparently, I still have some major holes to fill in basic understanding. In the Accelerated CCENT course, episode on Easy Subnetting, time- 34:15, Todd shows a diagram of two CONNECTED subnets to a single router. He asks, and states, that a host on one subnet can communicate to another host on the other subnet. I feel I should know this to be true, but could not explain why to someone else (that's how I know I understand it) What episode or show would be best to explain this?

I guess I am getting this confused with VLANS, where hosts in individual VLANS cannot communicate with hosts on another. Is the use of the router- in this case- simply to show segmentation of broadcast domains? The answer seems close, but I can't quite see it clearly. Thanks

@Dale-Ackerman said in CCENT- DIrectly connected networks through router:

Wow! I am going through the Accelerated CCENT course with Todd Lammie and it is awesome! I have enough ground work to keep up with him (although I do pause frequently to soak in what he might have said), but his teaching of subnetting- really opened my eyes. Great job.
Anyway, Apparently, I still have some major holes to fill in basic understanding. In the Accelerated CCENT course, episode on Easy Subnetting, time- 34:15, Todd shows a diagram of two CONNECTED subnets to a single router. He asks, and states, that a host on one subnet can communicate to another host on the other subnet. I feel I should know this to be true, but could not explain why to someone else (that's how I know I understand it) What episode or show would be best to explain this?

Remember that devices within subnets can directly communicate with each other without the need of a router. For two different subnets to communicate with each other, they must use a router. I'm not exactly sure what particular episode this one is in. The reason is that we covered so much great material in such a short period of time that one episode flows into another. You may want to check out the Network+ episode on routers and routing.

I guess I am getting this confused with VLANS, where hosts in individual VLANS cannot communicate with hosts on another. Is the use of the router- in this case- simply to show segmentation of broadcast domains? The answer seems close, but I can't quite see it clearly. Thanks

I hope what write here will help to clarify. VLANs = subnets = broadcast domains. Each interface of a router, regardless of physical interface or virtual subinterfaces, represents a subnet (therefore, a VLAN or a broadcast domain). If you want to communicate between subnets you must go through a Layer 3 device.

@Ronnie-Wong said in CCENT- DIrectly connected networks through router:

n the Accelerated CCENT course, episode on Easy Subnetting, time- 34:15

Ronnie, The information I refer to is in the Accelerated CCENT course, episode on Easy Subnetting, time- 34:15.

So, I was thinking that Subnets, or VLANS, in and of themselves, would prevent others from connecting to them. But, I got this wrong. If I'm not mistaken, Subnets or VLANS, merely separate them into broadcast domains. If connected directly to a router, there is not restriction from communicating from one subnet or VLAN to another. That restriction would come in the way of an ACL.
Do have this right?

Thanks for your help.

@Dale-Ackerman,

If they're not on the same subnet, any IP device will have to go through Layer 3 to communicate even if they are in separate VLANs on the same switch. This is because the switch doesn't take into consideration any layer 3 information because it's a layer 2 devices. If you want to deny traffic from one VLAN accessing another one you can use ACLs to do so!

Remember that VLANs essential take your switch and divides it into multiple smaller logical switches.

@Dale-Ackerman said in CCENT- DIrectly connected networks through router:

@Ronnie-Wong said in CCENT- DIrectly connected networks through router:

n the Accelerated CCENT course, episode on Easy Subnetting, time- 34:15

Ronnie, The information I refer to is in the Accelerated CCENT course, episode on Easy Subnetting, time- 34:15.

So, I was thinking that Subnets, or VLANS, in and of themselves, would prevent others from connecting to them. But, I got this wrong. If I'm not mistaken, Subnets or VLANS, merely separate them into broadcast domains. If connected directly to a router, there is not restriction from communicating from one subnet or VLAN to another. That restriction would come in the way of an ACL.
Do have this right?

Thanks for your help.

All this can be clarified by looking to the all mighty OSI model and understanding how a switch and router do their jobs.

Lets begin with the question of why 2 host in the same subnet do not need a router.

Look at this topology

PC1 sends a message to PC2. lets look at the message PC1 sends

Source IP 192.168.0.10
Source Mask 255.255.255.0
Source MAC AA:AA:AA:AA:AA:AA:AA:AA

Destination IP 192.168.0.20
Destination Mask 255.255.255.0
Destination MAC FF:FF:FF:FF:FF:FF:FF:FF <-------we have not gone through ARP to figure out the MAC

Because we have no clue where PC2 is at layer 2 the switch will flood this message to all ports until someone responds. Because PC2 is within our broadcast domain he will get this message and respond. When PC1 receives this reply he now knows PC2's MAC address. Also PC2 knows PC1's MAC address from the original message he got.

Both PC1 and PC2 are now talking directly.

**What would have happened if PC1 and PC2 where in different subnets? **

OK so PC1 would see that PC2 is not in it's own subnet so PC1 sends the message to PC2 via it's default gateway. Through arp we learned our own gateway's MAC so we use that as the destination MAC but the destination IP of PC2.

So the message now looks like this

Source IP 192.168.0.10
Source Mask 255.255.255.0
Source MAC AA:AA:AA:AA:AA:AA:AA:AA

Destination IP 192.168.128.20
Destination Mask 255.255.255.0
Destination MAC BB:BB:BB:BB:BB:BB:BB:BB <------mac of the router

The router then sees that this message is addressed to it at layer2 but is addressed to 192.168.128.20 at layer 3. It uses ARP to find PC2 and then forwards this message to PC1. But puts it's own MAC as the Source MAC.

So now PC1 and PC2 are communicating through R1.

But what would happen if PC1 and PC2 were on different VLANs

Good question. All of the above still happens but the switch now adds a tag to the layer 2 frame. Remember that is all a VLAN is, it's a tag on the layer 2 frame. The Switch then uses this tag to determine if a Frame is allowed or not allowed on an individual port.

Keeping the topology above PC1 would send a message to PC2. this message would go through E0/1 because it is on VLAn1 then the router would put that message on e0/0 which is on VLAN2. The VLAN tags get stripped when exiting a switch on a non trunk port.

Think about this, if PC1 (being on VLAN1) sends a layer2 broadcast, Only those in VLAN1 would get it because the VLAN2 ports wouldn't allow the broadcast through. This would also effectively block layer 3 broadcast for the same reason, VLAN1 frames are not allowed on VLAN2 ports.

I hope all this clarifies and doesn't further confuse.

@Daniel-Espinal said in CCENT- DIrectly connected networks through router:

PC1 would see that PC2 is not in it's own subnet so PC1 sends the message to PC2 via it's default gateway. Through arp we learned our own gateway's MAC so we use that as the destination MAC but the destination IP of PC2.

Thanks Ronnie and Daniel,

Everything you said Daniel made sense. I remember it all when you say it, its now just a matter for me to put all the pieces of information I know so they fit together. I'm close.
The real - of course!, statement you made was with, "PC1 would see that PC2 is not in it's own subnet so PC1 sends the message to PC2 via it's default gateway. Through arp we learned our own gateway's MAC so we use that as the destination MAC but the destination IP of PC2.".
To me this explained how they communicate. And the VLAN tagging I remember and makes sense. Its coming together. It seems like as I move forward, I am able to put a couple pieces together from the past that I then understand. Funny how that works. Thanks.

Like riding a bike. You never truly forget.

I'm in the same boat. I got my CCNA in 2010 and i've kept it active but I am in desktop support so very little of my training is actually used. So I've forgotten a lot of stuff. That is why I lurk in these forums and the cisco forums so I can keep up to date on stuff.

Anyway, really glad we could help!