Routing, Default Gateway, and ARP

Leaving the Local Network

Switching and routing solve different problems. Switching forwards Ethernet frames inside a VLAN by using MAC addresses. Routing forwards IP packets between different IP networks by using IP addresses and a routing table. When a client opens a web page on the Internet, the first local switch may move the frame, but a router or firewall must move the packet beyond the local subnet.

Every IPv4 host uses its own IP address and subnet mask to decide whether a destination is local or remote. If the destination IP address is in the same subnet, the host tries to deliver the frame directly to the destination's MAC address. If the destination is outside the local subnet, the host sends the packet to its default gateway. The default gateway is usually the router, firewall, or Layer 3 switch interface for that VLAN. Without a correct default gateway, local traffic may still work, but remote networks and Internet access usually fail.

ARP, the Address Resolution Protocol, is the bridge between IPv4 addressing and Ethernet delivery on the local network. A host cannot place an IPv4 packet directly onto Ethernet without a destination MAC address. If the host needs to send to a local IP address and does not know the MAC address, it sends an ARP request as a broadcast: who has this IP address? The device using that IP replies with its MAC address. The sender stores the result in an ARP cache for a limited time.

For remote traffic, ARP is still used, but the target is different. Suppose a laptop at 192.168.10.25/24 wants to reach 8.8.8.8. The laptop knows 8.8.8.8 is not in 192.168.10.0/24, so it does not ARP for 8.8.8.8. Instead, it ARPs for the default gateway, such as 192.168.10.1, and sends the Ethernet frame to the gateway's MAC address. Inside that frame is an IP packet whose destination remains 8.8.8.8. The router then forwards the packet according to its routing table. At each routed hop, the Layer 2 frame changes for the next local link, but the end-to-end IP destination remains the remote host.

Several common failures fit this model. If a client has an APIPA address such as 169.254.x.x, it probably did not receive a DHCP lease and may not have a usable gateway. If the IP address and mask are wrong, the host may think a remote destination is local or a local destination is remote. If the gateway address is wrong, unavailable, or outside the client's subnet, off-subnet traffic fails. If duplicate IP addresses exist, ARP replies may point to the wrong MAC address, causing intermittent or confusing connectivity.

Useful technician checks include the client IP address, subnet mask or prefix length, default gateway, ARP table, and a ping test to the gateway before testing the Internet. If the gateway does not respond, the issue is likely local: cabling, Wi-Fi association, VLAN, address assignment, gateway interface, firewall policy, or host firewall behavior. If the gateway responds but external traffic fails, the next focus is routing, DNS, NAT, upstream connectivity, or filtering.

Study Checkpoint

• Topic: Routing, Default Gateway, and ARP.
• Verify the official Cisco concept before memorizing a shortcut.
• Practice the technician action: observe, document, test, fix when supported, or escalate.