
[–]lizeroy 5 points6 points  (2 children)

Think you have the management IP confused with layer3 routing?

[–]ChrispyChris92[S] 0 points1 point  (1 child)

Perhaps, but I'm not sure how I am able to even connect through the management IP without a router to see the IP addresses I'm trying to move data to.

[–]ecatsuj CCENT, ITILv3 5 points6 points  (0 children)

Managed switches use layer 3 for management. You can assign IPs to the management address and don't need a router if they are on the same subnet.

[–][deleted] 3 points4 points  (12 children)

Switches can create a virtual interface called an SVI (Switched Virtual Interface), sometimes called a VLAN Interface. This interface allows the Switch's control plane (its Processor/CPU) to act like it has a virtual network cable plugged into the switch itself. In essence it allows the switch itself to be present on a VLAN or multiple VLANs. This interface is virtual in that you cannot see or touch it, but it can be assigned an IP like a normal port. This gives your switch an address in which you can log in and manage it. Without this the CPU/Control plane passively controls and manages switching but does not partake in having an interface in the VLAN (Network).

There are also BVIs (Bridged Virtual Interfaces) but adding them to this discussion just makes it more complex and loses the point.


[–]ChrispyChris92[S] 0 points1 point  (11 children)

Okay, and I did set up the VLAN interface. I'm still not sure how the PC can connect to it though, if there is no router for the IP address to point to it. I thought switches only looked at MAC addresses. So for IP to work on a network, I don't necessarily need a router?

[–]Iskaral-Pust CCNA R&S 3 points4 points  (7 children)

A router is needed to route between subnets. Any hosts on the same layer 2 network with IP addresses configured on the same network can communicate directly via IP.

In terms of handling traffic in transit, switches do look at just MAC addresses. However, that says nothing about them being able to have an IP address configured for traffic destined specifically to that switch, it just doesn't make forwarding decisions based on layer 3 headers*.

*More advanced switches (called layer 3 or multilayer switches) can use multiple VLAN interfaces (called SVIs or switched virtual interfaces) or routed ports to perform routing. From a logical standpoint, though, switching is a layer 2 operation and routing is a layer 3 operation.

[–]ChrispyChris92[S] 0 points1 point  (6 children)

Perfect, that right there helps a bunch and gets me much closer. So could you maybe help me get this last part: I do see how a switch finds the MAC addresses and then moves the packets in the right direction, but when using an IP address in the same subnet, how does the network know where to get the packet using the IP instead of the MAC address and allowing the switch to help?

[–]Cinci555 4 points5 points  (3 children)

ARP is your answer. It resolves the IP address to a MAC address that can then be accessed via layer 2.

[–]ebohlman 1 point2 points  (1 child)

To be pedantically precise, it's ARP for IPv4 and NDP for IPv6. But the underlying logic is the same. Host applies subnet mask to intended destination IP, sees that it's on the same subnet, so asks everybody on the subnet "if your IP address is so-and-so, tell me your MAC address." Anybody with that IP address (hopefully only one device) sends a reply saying "yeah, my MAC address is ..."

[–]Cinci555 1 point2 points  (0 children)

Precision is the only way. I appreciate the mentioning of NDP.

[–]randomdumbcomment 0 points1 point  (0 children)

And stores it in its MAC address table.

[–][deleted] 0 points1 point  (0 children)

> how does the network know where to get the packet using the IP instead of the MAC address and allowing the switch to help?

Could you rephrase this? Also check my answer above to see if that helps.

[–]Cinci555 0 points1 point  (0 children)

To expand on my ARP reply and to complicate it further.

Every time a packet goes beyond a local segment, the IP Addresses do not change, but the MAC Addresses do. Imagine sending a packet to google.com. To get to its default gateway, it resolves the IP to a MAC and reaches the GW. But how does the GW get out to the internet? It looks at its routing table for the next hop, and requests the MAC Address for that hop and changes the Frame (since Layer 2) destination from itself (where the PC sent it) to the next hop, and changes the source MAC from the PC to itself. It does not change the source/destination IP (ignoring NAT) as those have to remain the same in order for the return traffic to know where to go.
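
An added example (not part of any comment in this thread) that models the two steps described above: the sender's subnet-mask check that decides which address to ARP for, and the router hop that rewrites the MAC addresses while leaving the IP addresses alone. The `Interface` class, the `route` function and every IP and MAC address below are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Frame:  # only the header fields the thread talks about
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str

class Interface:
    def __init__(self, cidr, mac, gateway=None):
        self.addr = ipaddress.ip_interface(cidr)  # IP address plus subnet mask
        self.mac, self.gateway, self.arp_cache = mac, gateway, {}

    def next_hop(self, dst_ip):
        # Apply our own mask to the destination: on-link means ARP for the
        # destination itself, off-link means ARP for the default gateway.
        if ipaddress.ip_address(dst_ip) in self.addr.network:
            return dst_ip
        if self.gateway is None:
            raise LookupError(f"no route to {dst_ip}")
        return self.gateway

    def arp(self, ip, segment):
        # "Who has <ip>?" is asked of every interface on the layer 2 segment.
        if ip not in self.arp_cache:
            owners = [i.mac for i in segment if str(i.addr.ip) == ip]
            if len(owners) != 1:  # nobody answered, or an address conflict
                raise LookupError(f"{len(owners)} ARP replies for {ip}")
            self.arp_cache[ip] = owners[0]
        return self.arp_cache[ip]

    def send(self, dst_ip, segment):
        dst_mac = self.arp(self.next_hop(dst_ip), segment)
        return Frame(self.mac, dst_mac, str(self.addr.ip), dst_ip)

def route(frame, out_if, segment):
    # A router hop rewrites both MACs and leaves the IP header alone (no NAT).
    dst_mac = out_if.arp(out_if.next_hop(frame.dst_ip), segment)
    return replace(frame, src_mac=out_if.mac, dst_mac=dst_mac)

# Constructed topology: a LAN with a PC, a switch SVI and a router, plus a far segment.
pc = Interface("192.168.1.10/24", "aa:00:00:00:00:10", gateway="192.168.1.1")
svi = Interface("192.168.1.2/24", "aa:00:00:00:00:02")
rtr_lan = Interface("192.168.1.1/24", "aa:00:00:00:00:01")
rtr_wan = Interface("203.0.113.1/24", "bb:00:00:00:00:01")
server = Interface("203.0.113.50/24", "bb:00:00:00:00:50")
LAN, WAN = [pc, svi, rtr_lan], [rtr_wan, server]

to_switch = pc.send("192.168.1.2", LAN)     # same subnet: no router involved
to_router = pc.send("203.0.113.50", LAN)    # off subnet: framed to the gateway
after_hop = route(to_router, rtr_wan, WAN)  # same IPs, new MACs
```

The PC reaches the switch's management address with the router playing no part, and the frame bound for the far server carries the gateway's MAC on the LAN and the server's MAC after the hop, with both IP addresses unchanged throughout.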

[–][deleted] 1 point2 points  (2 children)

Two hosts on the same subnet will still communicate with IP. Even though a Switch can only see up to Layer 2 (MAC Addresses) it just ignores that part of the frame (the DATA field of a Frame is the IP Packet) and forwards frames based on MAC Address.

In regards to our case with using VLAN interfaces, our switch will now be interested in inspecting the packet encapsulated in the DATA field (The IP Packet) because it's acting like a PC itself on the Network. It behaves the same and listens for broadcasts and ARP requests directed towards its MAC Address.

[–]ChrispyChris92[S] 0 points1 point  (1 child)

Okay, so end user devices (NIC cards) actually can read the layer three information. That makes sense, if I'm correct in saying that, and please correct me if I am wrong haha. Thanks man!

[–][deleted] 0 points1 point  (0 children)

The host itself deals with the Layer 3 (TCP/IP stack) but you can think of the host and the NIC as just one entity for simplicity's sake that responds to requests for MAC addresses or IP Addresses that match those burned into the hardware or assigned to the interface.

[–]randomdumbcomment 0 points1 point  (0 children)

If you’re on the same subnet ( with a subnet mask of If your switch is and your PC is anything between - you can directly talk to the switch without any routing necessary since you are on the same subnet.

When your pc sends a request to it will hit the switch and the switch will have to make a decision to filter, flood, forward.

If there is a deny anywhere it will filter and drop the packet to the switch.

If it doesn’t have a learned IP in its MAC address table, it will flood the packet to all the ports.

If it knows where to go based upon the MAC address in the MAC address table it will forward the packet. In this case since it knows its own MAC address it will forward all those packets to itself.

[–]macbalance CCNA-Makes Phones Do Things 0 points1 point  (0 children)

You can hook two PCs together with appropriate cabling, assign IPs, and do IP between them with no router or switch.

The switch still passes data, but doesn’t look at the IP info, just the MAC info.

Management via Telnet or SSH is a sort of secondary thing: it’s not strictly required for a switch to do its job.