Networking – Differences Between MAC and IP Routing

Tags: ip, mac, networking, router

I was reading an answer from another post that I did not understand and I would like clarification on.

Your original assumptions are not entirely correct. What you call a
router is two devices in one – a two-port router internally connected
to a multiple-port Ethernet switch.

This means that the computers are directly connected at layer 2, and
can send packets to each other without going through the router core –
they're simply relayed between ports by the switch chip. (The router
has its own port in the switch.)

So if you look at the packets using Wireshark, you'll see that they
directly use each other's MAC addresses, while outside packets always
have the router's MAC as the destination.

   … each computer in a subnetwork is not connected to each other, but
rather to a switch,
which then can pass on packages[1] to the correct
destination. An Ethernet-frame does not contain the subnet-mask, as
the switch already has this knowledge, and hence does not need it to
do the correct switching.

That's again incorrect. Switches do not have
this knowledge; their switching core works at layer 2 and does not
know anything about IP – it forwards Ethernet frames purely based on
the 'destination MAC address' field.
[1] Editorial note: presumably this is meant to be "packets".

Source https://superuser.com/a/1191145/337631

How could the paraphrased answer above be true? I have configured a fair bit of household-grade network hardware and it does not appear to be this way in reality. In your router you have both IP and MAC filtering and routing options. Also, when using VM software, your physical network card goes into promiscuous mode, where it receives packets sent to multiple IP addresses and passes the correct ones to the VM and to the real (host) machine. Surely IP version four would function even if the MAC address was somehow withheld.

Best Answer

How could the paraphrased answer above be true? I have configured a fair bit of household-grade network hardware and it does not appear to be this way in reality. In your router you have both IP and MAC filtering and routing options.

That's not really surprising, nor is it a problem in any way.

First, although IP routers are described as "layer 3" devices, that doesn't mean they cannot interact with lower layers – they do usually see the whole packet, with both its Ethernet and IP headers, and a firewall rule could perfectly well match on either or both.

Second, I'm going to repeat that your household-grade network hardware tends to have multiple functionalities – the main CPU runs the OS and handles routing; the hardware switch handles layer-2 packet forwarding between the 'LAN' ports; and the Wi-Fi access point handles, well, Wi-Fi. It's entirely possible for the same OS to be able to configure both the routing core and the attached switching & Wi-Fi hardware.

(In fact I would bet that the MAC filtering option is specifically for the Wi-Fi access point – these can allow or deny layer-1 WLAN associations based on the station's MAC. Though I'm not sure whether that's usually enforced by the Wi-Fi AP chip itself, or by hostapd running on the main OS...)

Then there's what people call "layer-3 switches", which can act as switches or routers depending on needs – each individual port is reconfigurable, so you could have some ports switched (thus belonging to the same subnet), the rest routed, and the OS reconfigures the switch chip as necessary.

Also, when using VM software, your physical network card goes into promiscuous mode, where it receives packets sent to multiple IP addresses and passes the correct ones to the VM and to the real machine.

Yes, that's not a problem either. There is nothing that would prevent a PC from becoming an IP router or a bridge, or a combination thereof. Most VM software can work in both modes – either bridge the VMs to LAN at layer 2, or create a separate subnet for them so that the PC acts as a router between the two.

(In this regard PCs can get really flexible – just yesterday I decommissioned a "brouter" that was set up as a bridge except when it came to IPv4 packets, which were routed instead...)

Surely IP version four would function even if the MAC address was somehow withheld.

Really, it's not IP that needs L2 addressing – it's the layer 2 itself that does.

Yes, it would certainly be possible to design a network which only cared about IP addresses and used those for switching as well. In fact, I think that's exactly how ATM networks worked – an ATM "switch" would essentially act as a self-configuring router, but also automatically learned which individual ATM addresses were behind each port (as a switch would).

But in practice IP was designed to not have hard dependencies on any particular sort of link layer, and as a result you can carry it over anything: Ethernet, FDDI, ARCnet, FireWire, carrier pigeons… Likewise, because most link layers had their own addressing and avoided any dependencies on IPv4, one didn't need to do anything to have the same switches support IPv6 (or for that matter IPX, or DECnet, or AppleTalk, or NetBEUI, …) all over the same Ethernet.

So the reason you have both kinds of addresses is that they were deliberately kept separate, and this allowed for great flexibility.

(Both IPv4 and IPv6 can also function over point-to-point links without needing any L2 addressing, since such links only have two directions anyway; two simple examples would be VPN and dial-up connections.)


Actually, while this has nothing to do with subnet masks, you could take a look at IPX and DECnet – both common LAN protocols in the early days before IP and Internet took over. IPX addresses had two parts, network and host, e.g. 618A1.0060086DD3EE, and the host part was always the same as the corresponding Ethernet MAC address. Meanwhile, DECnet did the opposite – it required changing the Ethernet MAC to a special address in which the DECnet node address was encoded. So on the one hand you didn't need ARP, but on the other hand you were pretty much required to use Ethernet or something compatible with it.
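The split the answer describes (a switch chip that forwards purely on the destination MAC, a router core that only acts on frames addressed to its own MAC and then rewrites the layer-2 header while leaving the IP header alone) can be reproduced in a few dozen lines. The following is an added example written for this page, not code from the answer's author or from any router firmware; the topology, MAC addresses and IP addresses (documentation ranges) are constructed, the "ARP cache" is a static dictionary, and the frames are built by hand so the whole thing runs offline. Case 1 shows two LAN hosts talking via the switch alone; case 2 shows the same host sending to the Internet, where the router decrements the TTL, fixes the IPv4 header checksum, and puts the upstream hop's MAC on a brand-new Ethernet header, exactly the difference the answer says Wireshark would show.

```python
"""Toy L2 learning switch beside a toy IPv4 router, fed hand-built Ethernet/IPv4 frames (added example)."""
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800

def mac_bytes(text):
    return bytes(int(octet, 16) for octet in text.split(":"))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def ipv4_checksum(header):
    """RFC 791 one's-complement sum of the 20-byte header; 0 means the embedded checksum is valid."""
    total = sum(struct.unpack("!10H", header[:20]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src_ip, dst_ip, payload, ttl=64, proto=17):
    # Minimal IPv4 header (no options) followed by an opaque payload.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload

def build_frame(dst_mac, src_mac, packet, ethertype=ETHERTYPE_IPV4):
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + packet

def parse_frame(frame):
    # What a capture would show: the L2 addresses, plus L3 fields if the frame carries IPv4.
    info = {"dst_mac": mac_str(frame[:6]), "src_mac": mac_str(frame[6:12]),
            "ethertype": struct.unpack("!H", frame[12:14])[0]}
    if info["ethertype"] == ETHERTYPE_IPV4 and len(frame) >= 34:
        ip = frame[14:]
        info.update(src_ip=str(ipaddress.IPv4Address(ip[12:16])),
                    dst_ip=str(ipaddress.IPv4Address(ip[16:20])), ttl=ip[8])
    return info

class Switch:
    """Learning switch: forwards on the destination MAC alone and never reads the IP header."""
    def __init__(self, ports):
        self.ports = ports  # port name -> callable that hands a frame to the attached device
        self.table = {}     # MAC (bytes) -> port, learned from source addresses

    def receive(self, in_port, frame):
        dst, src = frame[:6], frame[6:12]
        self.table[src] = in_port
        if dst in self.table:
            out_ports = [self.table[dst]] if self.table[dst] != in_port else []
        else:
            out_ports = [p for p in self.ports if p != in_port]  # unknown destination: flood
        for port in out_ports:
            self.ports[port](frame)
        return out_ports

class Router:
    """Routes on the destination IP, then writes a fresh Ethernet header for the chosen next hop."""
    def __init__(self, ifaces, routes, neighbours):
        self.ifaces = ifaces          # name -> (own MAC, callable that transmits on that link)
        self.routes = routes          # (IPv4Network, next-hop IP or None if on-link, out iface)
        self.neighbours = neighbours  # IP -> MAC; a static stand-in for the ARP cache

    def receive(self, in_iface, frame):
        info = parse_frame(frame)
        # Only frames addressed to this interface's own MAC and carrying IPv4 are routed at all.
        if info["dst_mac"] != self.ifaces[in_iface][0] or "dst_ip" not in info:
            return None
        dst = ipaddress.IPv4Address(info["dst_ip"])
        candidates = [r for r in self.routes if dst in r[0]]
        if not candidates or info["ttl"] <= 1:
            return None  # no route, or TTL would reach zero: drop (a real router also sends ICMP)
        _net, next_hop, out_iface = max(candidates, key=lambda r: r[0].prefixlen)  # longest prefix
        packet = bytearray(frame[14:])
        packet[8] -= 1  # decrement TTL, then recompute the header checksum that covers it
        packet[10:12] = b"\x00\x00"
        packet[10:12] = struct.pack("!H", ipv4_checksum(bytes(packet)))
        target = next_hop or info["dst_ip"]  # on-link destination: address the host itself
        out = build_frame(self.neighbours[target], self.ifaces[out_iface][0], bytes(packet))
        self.ifaces[out_iface][1](out)
        return out_iface

def simulate():
    """Constructed topology: hosts A and B share a switch with the router's LAN port."""
    A, B = ("aa:aa:aa:00:00:01", "192.168.1.10"), ("aa:aa:aa:00:00:02", "192.168.1.11")
    ROUTER_LAN, ROUTER_WAN = "02:00:00:00:00:01", "02:00:00:00:00:02"
    UPSTREAM = ("cc:cc:cc:00:00:01", "203.0.113.1")  # next hop on the WAN side
    seen = {"B": [], "wan": []}
    switch = Switch({"p1": lambda f: None,                      # host A (only sends in this demo)
                     "p2": seen["B"].append,                     # host B
                     "p3": lambda f: router.receive("lan", f)})  # the router's own switch port
    switch.table = {mac_bytes(m): p for m, p in [(A[0], "p1"), (B[0], "p2"), (ROUTER_LAN, "p3")]}  # already learned
    router = Router({"lan": (ROUTER_LAN, lambda f: switch.receive("p3", f)), "wan": (ROUTER_WAN, seen["wan"].append)},
                    [(ipaddress.IPv4Network("192.168.1.0/24"), None, "lan"),
                     (ipaddress.IPv4Network("0.0.0.0/0"), UPSTREAM[1], "wan")],
                    {UPSTREAM[1]: UPSTREAM[0], A[1]: A[0], B[1]: B[0]})
    # 1. LAN to LAN: A puts B's MAC on the frame; the switch delivers it without the router.
    lan_ports = switch.receive("p1", build_frame(B[0], A[0], build_ipv4(A[1], B[1], b"hello")))
    # 2. LAN to Internet: A puts the router's MAC on the frame; the router rewrites L2 and forwards.
    wan_ports = switch.receive("p1", build_frame(ROUTER_LAN, A[0], build_ipv4(A[1], "198.51.100.7", b"ping")))
    return {"lan_ports": lan_ports, "wan_ports": wan_ports, "to_b": parse_frame(seen["B"][0]),
            "on_wan": parse_frame(seen["wan"][0]), "wan_checksum_ok": ipv4_checksum(seen["wan"][0][14:34]) == 0}
```

Running `simulate()` returns both delivered frames parsed: the LAN-to-LAN frame reaches host B with A's and B's MACs untouched and the router port never sees it, while the Internet-bound frame leaves the WAN interface with the router's WAN MAC as source, the upstream hop's MAC as destination, the original source and destination IPs unchanged and the TTL one lower. The `Switch` class deliberately has no notion of IP at all, which is the answer's point about subnet masks; the `Router` drops anything not addressed to its own MAC, which is why the host still needs the router's MAC (from ARP in real life) before any IP routing can happen.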
