1
00:00:00,000 --> 00:00:05,000
So when sending traffic from 1 subnet to another subnet

2
00:00:05,000 --> 00:00:09,000
the layer 3 headers contain the source host IP address

3
00:00:09,000 --> 00:00:12,000
and the destination host IP address.

4
00:00:12,000 --> 00:00:17,000
But at layer 2 the source MAC address is the local host

5
00:00:17,000 --> 00:00:23,000
and the destination MAC address is the local router on the local segment.

6
00:00:23,000 --> 00:00:27,000
When the frame gets to the router the router will strip

7
00:00:27,000 --> 00:00:31,000
the layer 2 headers and then read the layer 3 headers

8
00:00:31,000 --> 00:00:33,000
to determine what to do with the traffic.

9
00:00:33,000 --> 00:00:38,000
So the destination IP address is 10.1.2.1 the router will firstly check

10
00:00:38,000 --> 00:00:42,000
to see if that’s a local IP address on the router

11
00:00:42,000 --> 00:00:45,000
and in this case it’s not, the router has these IP addresses.

12
00:00:45,000 --> 00:00:48,000
So its check it’s routing table to determine

13
00:00:48,000 --> 00:00:51,000
if it knows where the destination IP address is

14
00:00:51,000 --> 00:00:59,000
This IP address 10.1.2.1 is on subnet 10.1.2.0 which is out of F0/1.

15
00:00:59,000 --> 00:01:04,000
The router therefore knows it needs to send the traffic to host

16
00:01:04,000 --> 00:01:10,000
10.1.2.1 out of F0/1 it then checks its ARP cache

17
00:01:10,000 --> 00:01:15,000
to see if it has an entry for 10.1.2.1

18
00:01:15,000 --> 00:01:19,000
In this case let’s assume the router doesn’t have an ARP entry

19
00:01:19,000 --> 00:01:25,000
mapping IP address 10.1.2.1 to MAC address B, so it doesn’t know that.

20
00:01:25,000 --> 00:01:29,000
So to find that out it needs to send a broadcast unto the local segment

21
00:01:29,000 --> 00:01:34,000
requesting the MAC address of IP address 10.1.2.1

22
00:01:34,000 --> 00:01:37,000
so it will send out an ARP request message, the hub will flooded out

23
00:01:37,000 --> 00:01:41,000
of its ports and both  B and D will receive the frame.

24
00:01:41,000 --> 00:01:45,000
D will receive the frame at layer 2 because its broadcast

25
00:01:45,000 --> 00:01:49,000
but at higher layers it will drop the message

26
00:01:49,000 --> 00:01:53,000
because it's an ARP request for another devices IP address.

27
00:01:53,000 --> 00:01:56,000
So host D drops the frame, but host B will receive at it

28
00:01:56,000 --> 00:02:01,000
layer 2 send it to high layer protocols, high layer protocols will see

29
00:02:01,000 --> 00:02:04,000
that this is an ARP request for the local IP address of this host.

30
00:02:04,000 --> 00:02:07,000
So PC B will process the ARP request

31
00:02:07,000 --> 00:02:10,000
and send back an ARP reply.

32
00:02:10,000 --> 00:02:15,000
The ARP reply will be sent to the hub with source MAC address of B

33
00:02:15,000 --> 00:02:18,000
destination MAC address of the router, the routers is the device

34
00:02:18,000 --> 00:02:23,000
that requested the IP address of the PC and the MAC address

35
00:02:23,000 --> 00:02:25,000
is on each interface of a router are different.

36
00:02:25,000 --> 00:02:28,000
In this case the MAC address used was H

37
00:02:28,000 --> 00:02:35,000
so the PC will reply back to that MAC address, so source MAC address is B

38
00:02:35,000 --> 00:02:39,000
destination MAC address is H, source IP address is 10.1.2.1

39
00:02:39,000 --> 00:02:43,000
destination IP address is 10.1.2.100, the IP address

40
00:02:43,000 --> 00:02:50,000
and MAC address of the routers F0/1 is used in the reply from PC B

41
00:02:50,000 --> 00:02:54,000
when the hub receives the traffic it will flood it out of all of its ports

42
00:02:54,000 --> 00:02:58,000
D will drop the frame the router however will process the traffic

43
00:02:58,000 --> 00:03:01,000
because the MAC address is its local MAC address.

44
00:03:01,000 --> 00:03:03,000
So the routers network interface card

45
00:03:03,000 --> 00:03:06,000
will receive the traffic at layer 2, it will then process the layer 3

46
00:03:06,000 --> 00:03:11,000
and layer 4 information and it will update its local ARP cache

47
00:03:11,000 --> 00:03:17,000
stating that IP address 10.1.2.1 as MAC address B.

48
00:03:17,000 --> 00:03:20,000
Now that the ARP cache is updated the router can send

49
00:03:20,000 --> 00:03:24,000
the original ping traffic to host B.

50
00:03:24,000 --> 00:03:27,000
So when the frame arrived at the router from host A

51
00:03:27,000 --> 00:03:31,000
it had a source MAC address of A, destination MAC address of G

52
00:03:31,000 --> 00:03:37,000
source IP address of 10.1.1.1 destination IP address of 10.1.2.1

53
00:03:37,000 --> 00:03:44,000
when it now sends that traffic out of F0/1, it rewrites the MAC address entries

54
00:03:44,000 --> 00:03:48,000
So the source MAC address is H, the local router's interface

55
00:03:48,000 --> 00:03:51,000
the destination MAC address is B

56
00:03:51,000 --> 00:03:54,000
the host that the router wants to communicate with.

57
00:03:54,000 --> 00:03:58,000
the source IP address is still the IP address of host A

58
00:03:58,000 --> 00:04:03,000
and the destination IP address is still the IP address of host B.

59
00:04:03,000 --> 00:04:08,000
It’s really important to remember that when traversing a router

60
00:04:08,000 --> 00:04:13,000
or a layer 3 switch, so for example when moving from 1 VLAN to another

61
00:04:13,000 --> 00:04:20,000
the layer 2 information is rewritten, the layer 3 information is left the same

62
00:04:20,000 --> 00:04:23,000
but every time traffic hops across a router

63
00:04:23,000 --> 00:04:26,000
or is sent from 1 VLAN to another VLAN

64
00:04:26,000 --> 00:04:28,000
the layer 2 information is rewritten in the frame

65
00:04:28,000 --> 00:04:34,000
When that traffic is received by the hub, it will flood it out of all ports

66
00:04:34,000 --> 00:04:40,000
D will drop the frame because the destination MAC address is B and not D.

67
00:04:40,000 --> 00:04:44,000
B will  receive the frame at layer 2 because it's destined to itself

68
00:04:44,000 --> 00:04:48,000
and then it will process the layer 3 and layer 4 information.

69
00:04:48,000 --> 00:04:53,000
In this case it’s an ICMP echo message sent from A to B.

70
00:04:53,000 --> 00:04:57,000
so B is going to one to reply with an echo reply message.

71
00:04:57,000 --> 00:05:04,000
So B will reply with an echo reply but please notice that the echo reply

72
00:05:04,000 --> 00:05:09,000
is going to a destination IP address of 10.1.1.1 which is host A

73
00:05:09,000 --> 00:05:13,000
the source Mac address is B, the local PC

74
00:05:13,000 --> 00:05:18,000
but the destination MAC address is the router, device B is sending

75
00:05:18,000 --> 00:05:22,000
the traffic to its default gateway because it would have also done

76
00:05:22,000 --> 00:05:27,000
a logical end on the IP address and subnet and it would have worked out

77
00:05:27,000 --> 00:05:32,000
that IP address 10.1.1.1 is on a different subnet to itself.

78
00:05:32,000 --> 00:05:35,000
So it’s gonna send the traffic to its default gateway

79
00:05:35,000 --> 00:05:39,000
and in this case we would have configured the PC

80
00:05:39,000 --> 00:05:42,000
with the default gateway of 10.1.2.100

81
00:05:42,000 --> 00:05:46,000
The hub will flood the traffic out of all ports

82
00:05:46,000 --> 00:05:51,000
D will drop the frame once again because it’s not destined to itself.

83
00:05:51,000 --> 00:05:53,000
The router will process the frame at layer 2

84
00:05:53,000 --> 00:05:57,000
because the destination MAC address is its local MAC address.

85
00:05:57,000 --> 00:06:02,000
It will then strip the layer 2 information and read the layer 3 information

86
00:06:02,000 --> 00:06:07,000
to determine if it knows where the destination address is.

87
00:06:07,000 --> 00:06:12,000
In this case 10.1.1.1 is in subnet 10.1.1.0/24

88
00:06:12,000 --> 00:06:19,000
and that subnet is directly connected to F0/0 on the router.

89
00:06:19,000 --> 00:06:23,000
So the destination IP address is in a subnet that’s known by the router

90
00:06:23,000 --> 00:06:27,000
and it now knows out of which interface to send a traffic.

91
00:06:27,000 --> 00:06:33,000
So the router knows that it needs to forward this packet out of interface F0/0.

92
00:06:33,000 --> 00:06:37,000
The router will then rewrite the layer 2 headers.

93
00:06:37,000 --> 00:06:39,000
So the destination MAC address is A.

94
00:06:39,000 --> 00:06:41,000
The source MAC addresses is G,

95
00:06:41,000 --> 00:06:45,000
which is the MAC address of F0/0 on the router.

96
00:06:45,000 --> 00:06:51,000
The layer 3 information is left the same but the layer 2 headers are rewritten.

97
00:06:51,000 --> 00:06:54,000
The router forwards the frame to the hub.

98
00:06:54,000 --> 00:06:59,000
When a hub receives the traffic it will flood it out of all ports.

99
00:06:59,000 --> 00:07:01,000
C will drop the frame because it’s not destined to it.

100
00:07:01,000 --> 00:07:04,000
A will receive the frame because the destination MAC address is itself.

101
00:07:04,000 --> 00:07:07,000
It will then process the layer 2 information

102
00:07:07,000 --> 00:07:11,000
strip the layer 2 headers,  forward it to higher layer protocols.

103
00:07:11,000 --> 00:07:15,000
The higher layer protocols will process the layer 3

104
00:07:15,000 --> 00:07:20,000
and layer 4 and upper layers and the ping will succeed in this example.

105
00:07:20,000 --> 00:07:24,000
Now in some cases you'll notice that when you ping a device

106
00:07:24,000 --> 00:07:29,000
the first ping fails and that’s typically because of the ARP request

107
00:07:29,000 --> 00:07:33,000
and replies that need to take place to populate the ARP caches

108
00:07:33,000 --> 00:07:37,000
of devices between the source and destination device.

109
00:07:37,000 --> 00:07:43,000
So don’t be concerned if you lose the first ping when pinging a remote device.

110
00:07:43,000 --> 00:07:47,000
It’s probably because the ARP cache is have been populated

111
00:07:47,000 --> 00:07:49,000
by the devices involved in the communication.

112
00:07:49,000 --> 00:07:54,000
The important thing to remember is that when you ping across a router

113
00:07:54,000 --> 00:07:59,000
or a layer 3 switch, the layer 2 information is updated at each hop

114
00:07:59,000 --> 00:08:02,000
but the layer 3 information remains the same

115
00:08:02,000 --> 00:08:06,000
unless Network Address Translation or NAT is used.

116
00:08:06,000 --> 00:08:10,000
When you move from 1 VLAN to another VLAN on a layer 3 switch

117
00:08:10,000 --> 00:08:13,000
or move from 1 interface to another on a router

118
00:08:13,000 --> 00:08:19,000
the layer 3 information is not changed, but the layer 2 headers are rewritten.

119
00:08:19,000 --> 00:08:25,000
So in summary a router is a layer 3 device, it makes routing decisions

120
00:08:25,000 --> 00:08:29,000
based on IP addresses and it rewrites MAC addresses

121
00:08:29,000 --> 00:08:32,000
layer 3 switches also operate at this layer.

122
00:08:32,000 --> 00:08:37,000
The layer 3 switch has layer 2 capability as well as layer 3 capability.

123
00:08:37,000 --> 00:08:42,000
When you send traffic from VLAN 10 to VLAN 20 for example

124
00:08:42,000 --> 00:08:44,000
the layer 2 frames are rewritten.

125
00:08:44,000 --> 00:08:47,000
The traffic is logically going through a router as the layer 3 switch

126
00:08:47,000 --> 00:08:53,000
implements routing capability and therefore the layer 2 MAC addresses

127
00:08:53,000 --> 00:08:58,000
are rewritten but the layer 3 information remains the same.