switching

Answered Question

Hi! I'm setting up the connection below, with the switch(2900) using the same vlan and subnet that's used in the switch(6509).

server<---switch(2900)<---firewall<----switch(6509)


In this case, do I need to set any default gateway for the switch(2900)? Will the vlan work in switch(2900) as it's not connected to another switch or directly to switch(6509) which is used for routing? Should I use another subnet for the switch(2900) in this case?


Thanks.


Correct Answer by Richard Burts about 10 years 1 week ago

David


If you wanted to connect to the switch by telnet, or if you want to use SNMP to get information from the switch, or if you want the switch to send syslog messages to a syslog server then you would use the management VLAN on the switch to make those connections.


If the management address of the switch wants to communicate only with devices within its own subnet (I think that is not likely) then you do not need ip default-gateway on the switch. But if the management address of the switch needs to communicate with things in other subnets then it does need the ip default-gateway configured.


Note that the ip default-gateway we are talking about is only for traffic originating from the switch. It has nothing to do with traffic from end stations passing through the switch.


HTH


Rick

Overall Rating: 4.5 (2 ratings)
ankbhasi Sun, 05/20/2007 - 08:15

Hi Friend,


You only need to assign a default gateway to the switch if you want to manage your switch from some remote network. Layer 2 switches need an IP address only for management purposes and need a default gateway only when they need to be managed from some remote network/subnet other than the management vlan subnet assigned to the switch.


All switch interfaces are by default in vlan 1, so even if you do not assign any vlan on a switchport it will be a part of vlan 1 when you connect the switch port to your firewall.


You can assign switchport connected to your firewall inside interface to some vlan which is not a part of your management vlan or any vlan as per your requirement.


HTH


Ankur


*Pls rate all helpful posts

Hi! I thought IP default-gateway can be used in an L2 switch to route traffic that can't be found in the table?


If there's an additional router(2600) connected to the switch(2900), should I put in the (router) IP address that's directly connected to the switch or the switch(6509)'s vlan interface?

Is that required?


Thanks.



ankbhasi Sun, 05/20/2007 - 09:19

Hi Friend,


There is no concept of routing and routing table on layer 2 switch. You might have assigned your switch with some vlan and its ip address and if you want to access the switch from some other subnet you need to assign it with default gateway pointing to some layer 3 device which can route traffic for layer 2 switch management vlan.


I am not very clear with your second question so if you can explain it again in brief it will be easy to interpret? Are you asking which subnet IP address should be assigned to the switch management vlan?


HTH


Ankur


*Pls rate all helpful posts

server<---switch(2900)<---firewall<----switch(6509) |
|
|
Router(2600) WAN (the router should be connected to the switch(2900), can't show it here as the alignment is out)



What I'm referring to is there's a router connected to the switch(2900), do I need to set the default gateway in the 29xx switch as the router(2600) interface that's connected to the 29xx switch or the 6509 vlan interface?


If default-gateway is only used for remote management of a switch from another vlan subnet, then probably that's not required, right?


Thanks.

Richard Burts Sun, 05/20/2007 - 17:34

David


In general the default-gateway for a layer 2 switch should be in a layer 3 device that is connected in the same VLAN as the management VLAN. If I am understanding the topology of your network the 6509 is not connected to the management VLAN so I would believe that it would not be good to configure the switch default-gateway pointing to the 6509. But while you say that the 2600 is connected to the 2900, you do not specify whether it is connected in the management VLAN or some other VLAN. If it is in the management VLAN then it should be configured as the default-gateway. But if it is not connected in the management VLAN then there is no point in configuring it as the default-gateway.


I have a sense that in the original posting you are treating the default-gateway as the layer 3 router for traffic passing through the switch. We should clarify that the default-gateway configured on the switch is only for routing traffic in the management VLAN of the switch and not for traffic passing through the switch.


HTH


Rick
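
The two rules from the answers in this thread (a gateway is needed only when the switch itself talks to hosts outside its management subnet, and the gateway must sit inside that subnet), as an added example that is not part of any post in the thread. The config text, addresses and the function name `check_management_gateway` are constructed for illustration, and only peers named in the config (syslog and SNMP hosts) are checked, not remote telnet clients.

```python
import ipaddress
import re

# Constructed sample: management-related lines of a layer 2 switch config.
SAMPLE_CONFIG = """\
interface VLAN1
 ip address 192.168.10.5 255.255.255.0
!
ip default-gateway 192.168.20.1
logging 192.168.10.50
snmp-server host 10.1.1.25 public
"""

PEER_RE = r"^(?:logging(?: host)?|snmp-server host) (\d+\.\d+\.\d+\.\d+)"


def check_management_gateway(config):
    """Return (off_subnet_peers, gateway, gateway_ok) for a switch config.

    off_subnet_peers: hosts the switch originates traffic to that are
                      outside the management subnet (these need a gateway).
    gateway_ok:       True only if a gateway is set and lies inside the
                      management subnet, so the switch can reach it at layer 2.
    """
    m = re.search(r"^\s*ip address (\S+) (\S+)", config, re.M)
    if not m:
        raise ValueError("no management IP address found")
    subnet = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network

    peers = re.findall(PEER_RE, config, re.M)
    off_subnet = [p for p in peers if ipaddress.ip_address(p) not in subnet]

    gw = re.search(r"^ip default-gateway (\S+)", config, re.M)
    gateway = gw.group(1) if gw else None
    gateway_ok = gateway is not None and ipaddress.ip_address(gateway) in subnet
    return off_subnet, gateway, gateway_ok


if __name__ == "__main__":
    off_subnet, gateway, ok = check_management_gateway(SAMPLE_CONFIG)
    print("peers needing a gateway:", off_subnet)
    print("configured gateway:", gateway, "(usable)" if ok else "(not usable)")
```

In the sample, the SNMP host is off-subnet, so a gateway is required, but the configured one is outside the management subnet and would never be reached.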

Correct Answer
Richard Burts Mon, 05/21/2007 - 09:50