Reddit Feeds

Sign up and stay connected to your favorite communities.

sign uplog in

Packet Tracer: How am I able to SSH and Telnet without a router on the network?

I'm using both protocols to log in to the switch and was wondering how I'm able to do so. I was under the impression that both require IP, which is layer 3. How are things working to get me to the switch from the PC that I cabled into it? I didn't think switches (unless layer 3) regarded IP addresses.

88% Upvoted
What are your thoughts? Log in or Sign uplog insign up

Think you have the management IP confused with layer3 routing?

Original Poster1 point·5 months ago

Perhaps, but I'm not sure how I am able to even connect through the management IP without a router to see the IP addresses I'm trying to move data to.

CCENT, ITILv37 points·5 months ago

Managed switches use layer 3 for management. You can assign ips to the management address and don't need a router if they are on the same subnet

6 points·5 months ago

Switches can create a virtual interface called an SVI (Switched Virtual Interface) sometimes called a VLAN Interface. This interface allows the Switch's control plane (It's Processor/CPU) to act like it has a virtual network cable plugged into the switch itself. In essence it allows the switch itself to be present on a VLAN or multiple VLANs. This interface is virtual in that you cannot see or touch it, but it can be assigned an IP like a normal port. This gives your switch an address in which you can login and manage it. Without this the CPU/Control plane passively control and manages switching by does not partake in having an interface in the VLAN (Network).

There are also BVIs (Bridged Virtual Interfaces) but adding them to this discussion just makes it more complex and loses the point.


Original Poster1 point·5 months ago

Okay, and I did set up the VLAN interface. I'm still not sure how the PC can connect to it though, if there is no router for the IP address to point to it. I thought switches only looked at MAC addresses. So for IP to work on a network, I don't necessarily need a router?

CCNA R&S3 points·5 months ago·edited 5 months ago

A router is needed to route between subnets. Any hosts on the same layer 2 network with IP addresses configured on the same network can communicate directly via IP.

In terms of handling traffic in transit, switches do look at just MAC addresses. However, that says nothing about them being able to have an IP address configured for traffic destined specifically to that switch, it just doesn't make forwarding decisions based on layer 3 headers*.

*More advanced switches (called layer 3 or multilayer switches) can use multiple VLAN interfaces (called SVIs or switched virtual interfaces) or routed ports to perform routing. From a logical standpoint, though, switching is a layer 2 operation and routing is a layer 3 operation.

Original Poster1 point·5 months ago

Perfect, that right there helps a bunch and gets me much closer. So could you maybe help me get this last part: I do see how a switch finds the MAC addresses and then moves the packets in the right direction, but when using an IP address in the same subnet, how does the network know where to get the packet using the IP instead of the MAC address and allowing the switch to help?

ARP is your answer. It resolves the IP address to a MAC address that can then be accessed via layer 2.

To be pedantically precise, it's ARP for IPv4 and NDP for IPv6. But the underlying logic is the same. Host applies subnet mask to intended destination IP, sees that it's on the same subnet, so asks everybody on the subnet "if your IP address is so-and-so, tell me your MAC address." Anybody with that IP address (hopefully only one device) sends a reply saying "yeah, my MAC address is ..."

Precision is the only way. I appreciate the mentioning of NDP.

And stores it in its MAC address table.

1 point·5 months ago

how does the network know where to get the packet using the IP instead of the MAC address and allowing the switch to help?

Could you rephrase this? Also check my answer above to see if that helps

To expand on my ARP reply and to complicate it further.

Every time a packet goes beyond a local segment, the IP Addresses do not change, but the MAC Addresses do. Imagine sending a packet to To get to it's default gateway, it resolves the IP to a MAC and reaches the GW. But how does the GW get out to the internet? It looks at it's routing table for the next hop, and requests the MAC Address for that hop and changes the Frame (since Layer 2) destination from itself (where the PC sent it) to the next hop, and changes the source MAC from the PC to itself. It does not change the source/destination IP (ignoring NAT) as those have to remain the same in order for the return traffic to know where to go.

2 points·5 months ago

Two hosts on the same subnet will still communicate with IP. Even though a Switch can only see up to Layer 2 (MAC Addresses) it just ignores that part of the frame (the DATA field of a Frame is the IP Packet) and forwards frames based on MAC Address.

In regards to our case with using VLAN interfaces, our switch will now be interested in inspecting the packet encapsulated in the DATA field (The IP Packet) because it's acting like a PC itself on the Network. It behaves the same and listens for broadcasts and ARP requests directed towards in MAC Address.

Original Poster1 point·5 months ago

Okay, so end user devices (NIC cards) actually can read the layer three information. That makes sense, if I'm correct in saying that, and please correct me if I am wrong haha. Thanks man!

1 point·5 months ago

The host itself deals with the Layer 3 (TCP/IP stack) but you can think of the host and the NIC as just one entity for simplicity sake that responds to requests for MAC addresses or IP Addresses that match those burned into the hardware or assigned to the interface

If you’re on the same subnet ( with a subnet mask of If you’re switch is and you’re PC is anything between - you can directly talk to the switch without and routing necessary since you are on the same subnet.

When your pc sends a request to it will hit the switch and the switch will have to make a decision to filter, flood, forward.

If there is a deny anywhere it will filter and drop the packet to the switch.

If it doesn’t know have a learned IP in its MAC address table, it will flood the packet to all the ports.

If it knows where to go based upon the MAC address in the MAC address table it will forward the packet. In this case since it knows it’s own MAC address it will forward all those packets to itself.

CCNA-Makes Phones Do Things1 point·5 months ago

You can book two PCs together with appropriate cabling, assign IPs, and do IP between them with no router or switch.

The switch still passes data, but doesn’t look at the IP info, just the MAC info.

Management via Telnet or SSH is a sort of secondary thing: it’s not strictly required for a switch to do its job.

Community Details





Create Post

r/ccna Rules

No posting of illegal materials
No posting of braindumps
Be courteous and helpful
Don't ask others to complete your labs
Cookies help us deliver our Services. By using our Services or clicking I agree, you agree to our use of cookies. Learn More.