Courseiva
IP AddressingCCNA 200-301

Host IP Address in Wrong Subnet — No Default Gateway Route

Presenting Symptom

A host in VLAN 10 cannot ping the default gateway (192.168.10.1) or any devices outside its subnet, but can ping other hosts in the same VLAN.

Network Context

A small branch office with a single Cisco Catalyst 2960 switch (IOS 15.0) and a Cisco 4321 router. The switch has two VLANs: VLAN 10 (192.168.10.0/24) and VLAN 20 (192.168.20.0/24). The router connects to the switch via a trunk link and provides inter-VLAN routing using router-on-a-stick. The host in question is connected to an access port in VLAN 10 but has been statically assigned an IP address from VLAN 20's subnet.

Diagnostic Steps

1

Check host IP configuration

On the host: ipconfig (Windows) or ifconfig (Linux/Mac)
IPv4 Address: 192.168.20.10
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.10.1

The host's IP address (192.168.20.10) belongs to VLAN 20 subnet, but the default gateway (192.168.10.1) is the VLAN 10 gateway. This mismatch indicates the host is in the wrong subnet.

2

Verify switch access port VLAN assignment

show interfaces status | include GigabitEthernet0/1
Port      Name               Status       Vlan       Duplex Speed Type
Gi0/1                        connected    10         a-full a-100 10/100/1000BaseTX

The switch port is assigned to VLAN 10. The host's IP should be in the 192.168.10.0/24 subnet, but it is in 192.168.20.0/24. This confirms the IP address is wrong for the VLAN.

3

Check ARP table on the router for the default gateway

show ip arp | include 192.168.10.1
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.10.1            -   aabb.cc00.0100  ARPA   GigabitEthernet0/0.10

The router has an ARP entry for the default gateway IP. The host should be able to reach this IP if it were on the same subnet. Since the host is on a different subnet, it will send ARP requests for the gateway but never receive a reply because the gateway is not on the same broadcast domain.

4

Ping from host to another host in VLAN 10

ping 192.168.10.20 (another host in VLAN 10)
Reply from 192.168.10.20: bytes=32 time<1ms TTL=128

The host can ping other hosts in VLAN 10 because they are on the same Layer 2 domain. However, it cannot reach the default gateway because the gateway IP is not in the same subnet as the host's IP.

Root Cause

The host has been statically assigned an IP address (192.168.20.10) that belongs to VLAN 20's subnet, but it is connected to an access port in VLAN 10. The default gateway (192.168.10.1) is on a different subnet, so the host cannot send traffic outside its local VLAN. The host's IP address does not match the VLAN's subnet.

Resolution

Change the host's IP address to a valid address in VLAN 10's subnet (192.168.10.0/24). 1. On the host, open network settings. 2. Set IP address: 192.168.10.10 (or any unused address in the range). 3. Set subnet mask: 255.255.255.0. 4. Set default gateway: 192.168.10.1. 5. Apply and verify connectivity.

Verification

1. On the host: ping 192.168.10.1 — should receive replies. 2. On the host: ping 8.8.8.8 (if internet access is configured) — should succeed. 3. On the switch: show ip arp | include 192.168.10.10 — should show the host's MAC address.

Prevention

1. Use DHCP to automatically assign IP addresses from the correct subnet based on the VLAN. 2. Implement IP address management (IPAM) to track and allocate addresses. 3. Configure port security or 802.1X to restrict which devices can connect to specific VLANs.

CCNA Exam Relevance

On the CCNA 200-301 exam, this scenario appears in troubleshooting questions where a host cannot reach the internet or a remote network. The exam tests the candidate's ability to identify IP addressing and VLAN mismatches. A key fact is that a host must have an IP address in the same subnet as its default gateway to communicate outside its local network.

Exam Tips

1.

Remember that a host can ping other hosts in the same VLAN even if its IP is in the wrong subnet, because Layer 2 communication does not require a gateway.

2.

The default gateway must be in the same subnet as the host's IP address. If the host's IP is in a different subnet, it will not be able to send traffic to the gateway.

3.

Use 'show interfaces status' and 'show vlan brief' on the switch to verify VLAN assignments, and check the host's IP configuration with ipconfig/ifconfig.

Commands Used in This Scenario

show interfaces status

Displays a summary of all switch interfaces including their status, VLAN, duplex, speed, and type, used to quickly verify interface connectivity and configuration.

show ip arp

Displays the Address Resolution Protocol (ARP) cache, mapping IP addresses to MAC addresses on a router or switch, used to verify connectivity and troubleshoot Layer 2 issues.

show vlan brief

Displays a summary of all VLANs configured on the switch, including VLAN ID, name, status, and ports, used to quickly verify VLAN configuration and port assignments.

Test Your CCNA Knowledge

Practice with scenario-based questions to prepare for the CCNA 200-301 exam.

Practice CCNA Questions