08-20-2007 04:54 PM - edited 03-05-2019 06:00 PM
Hi,
I know that I should use "ip route 0 0" when "ip routing" is enabled, and "ip default-gateway" otherwise. However, everything (ping, ssh, tftp) seems to work just fine using "ip route 0 0" when "ip routing" is disabled. Can someone explain? I'm using 3560 /w IOS version 12.1(19)EA1d. -Thanks
Binh
08-20-2007 05:27 PM
Let's verify 'ip routing' is disabled by posting the output from typing
'show ip route'
Also, if you have a device on that segment that has proxy-arp enabled, it will forward the packets onto the next segment on this switch's behalf. Proxy-arp is enabled by default.
08-20-2007 05:55 PM
Here you go:
HHMC_2H13_C3560_2#sh ip route
Default gateway is not set
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
HHMC_2H13_C3560_2#
Thanks
08-20-2007 06:20 PM
So the only way for this device to reach a different subnet is via a router with proxy-arp enabled. If you want to test, disable proxy-arp on every single router on that subnet (if there is more than one).
If you remove the ip route 0.0.0.0, can you still do all the tasks you mentioned before?
08-20-2007 06:23 PM
Edison
I would think that the output of show protocol would be more conclusive than the output of show ip route. But from the fact that nothing shows up in the output of show ip route (not even any connected interfaces) I think it may be safe to assume that ip routing is, in fact, disabled.
Binh
Can you clarify for us whether ip default-gateway is configured or not? Also, can you show us the results of attempting access to other devices (especially in the situation that default-gateway is not configured and default route is configured)?
HTH
Rick
08-21-2007 09:14 AM
Rick, I'm sure that the "ip default-gateway" is not configured. Here are the results as you suggested:
HHMC_2H13_C3560_2#sh run | in ip route
ip route 0.0.0.0 0.0.0.0 10.107.29.1
HHMC_2H13_C3560_2#
HHMC_2H13_C3560_2#copy start tftp
Address or name of remote host []? 10.107.16.55
Destination filename [hhmc_2h13_c3560_2-confg]?
!!!!!
18023 bytes copied in 0.092 secs (195902 bytes/sec)
HHMC_2H13_C3560_2#sh ip int bri
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES NVRAM  administratively down down
Vlan29                 10.107.29.6     YES NVRAM  up                    up
HHMC_2H13_C3560_2#sh run | in ip default-ga
HHMC_2H13_C3560_2#
------
To Edison, it's a live network at a hospital (very critical). Sorry, I can't just add/remove commands. All I can do are just "show" commands unless I can show that things are not working properly.
------------------------------------------
Thanks
Binh
08-21-2007 09:32 AM
Binh
Thanks for posting the additional information. It does appear that ip default-gateway is not configured. And it does look like ip routing is enabled. There are several other pieces of information that would be helpful. Would you post the output of show protocol? Also would you post the output of show arp? And would you post the configuration of the VLAN interface? Actually that raises a question in my mind: is there just a single VLAN configured or are there multiple VLANs?
HTH
Rick
08-21-2007 09:38 AM
Binh,
The static default route configured isn't being used as 'ip routing' is disabled in the switch.
I believe the behavior of the newer switches is to ARP out for any non-local destination address when no default gateway is configured, and another router/L3 switch that has proxy ARP enabled would respond to the ARP with its own MAC address. You can verify this by doing 'show ip arp' in the switch, and if you see ARP entries for those remote destinations then we can conclude that indeed is the case.
HTH
Sundar
08-21-2007 10:42 AM
I agree that "ip route 0 0" isn't used at all, but I can't prove that it's not working properly, so we can use "ip default-gateway" instead. The point is if everything is working properly, my upper mgmt don't want to take the risk of changing configs.
Anyway, we do have other vlans on the switch, but only one SVI is up. Also, I'm pretty sure that the "ip routing" is not enabled (it doesn't show up in "show run", and you can tell that in "show ip route").
Show cmds:
HHMC_2H13_C3560_2#sh protocols
Global values:
Vlan1 is administratively down, line protocol is down
Vlan29 is up, line protocol is up
Internet address is 10.107.29.6/24
FastEthernet0/1 is administratively down, line protocol is down
FastEthernet0/2 is down, line protocol is down
FastEthernet0/3 is up, line protocol is up
[truncated]
HHMC_2H13_C3560_2#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.107.16.112         160   0007.b400.1d02  ARPA   Vlan29
Internet  10.107.2.251          154   0007.b400.1d02  ARPA   Vlan29
Internet  10.107.9.78           197   0007.b400.1d02  ARPA   Vlan29
Internet  159.225.173.254        73   0007.b400.1d01  ARPA   Vlan29
[truncated-exact the same as show arp]
HHMC_2H13_C3560_2#sh run int vlan 29
Building configuration...
Current configuration : 191 bytes
!
interface Vlan29
 ip address 10.107.29.6 255.255.255.0
 no ip redirects
Thanks
Binh Dinh
08-21-2007 11:01 AM
Proxy-arp is indeed enabled (by default as Edison O. mentioned) on our vlan 29 (show ip int vlan 29). Well, this means that Cisco's default settings had bailed us out though having the incorrect command.
Thank you all for your contribution!
-Binh
08-21-2007 11:05 AM
Binh
Thanks for posting the additional output. I believe that it is sufficient for us to explain what is going on. I would explain it this way: the switch is in VLAN 29 for its management interface address 10.107.29.6/24. It is successfully accessing addresses that are outside of its own subnet. It is doing this by ARPing for the remote addresses. Other layer 3 devices in VLAN 29 are responding to the ARP requests because they have proxy ARP enabled. This is shown if you look at the ARP table on the switch and find that there are 4 addresses in the ARP table of remote devices (and that 2 different layer 3 devices are responding to the ARP requests).
So this switch is not using the default-gateway configuration option, and while a default route is configured it is not being used either (the output of show protocol shows that ip routing is not enabled). Successful access to remote addresses is based on proxy ARP in other devices in the VLAN. So long as the other devices continue to enable proxy ARP then connectivity should work with no config changes required. If it were me I would want to change the config and either configure the default gateway or enable routing and use the default route. But I can understand the position of management that they do not want config changes unless it is really necessary. And in this circumstance change is not really necessary.
HTH
Rick
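The ARP-table check described in the replies above, as an added example that is not part of the original thread: a Python script that parses `show ip arp` output and groups entries lying outside the interface's own subnet by the MAC address that answered for them. The function names are assumptions; the first four sample rows are the ones posted in the thread, and the last row is constructed to show that an on-subnet entry is not flagged.

```python
import ipaddress
import re
from collections import defaultdict

# Data rows of IOS "show ip arp":
# Protocol  Address  Age (min)  Hardware Addr  Type  Interface
ARP_ROW = re.compile(
    r"^Internet\s+(?P<ip>\d+(?:\.\d+){3})\s+(?:\d+|-)\s+"
    r"(?P<mac>[0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\s+ARPA\s+(?P<intf>\S+)",
    re.IGNORECASE,
)

def parse_arp(text):
    """Return (ip, mac, interface) tuples from 'show ip arp' text."""
    rows = []
    for line in text.splitlines():
        m = ARP_ROW.match(line.strip())
        if m:  # header, prompt and truncation lines do not match
            rows.append((ipaddress.ip_address(m["ip"]), m["mac"].lower(), m["intf"]))
    return rows

def off_subnet_arp(arp_text, interface, cidr):
    """Map responder MAC -> sorted off-subnet IPs resolved on `interface`.

    An ARP entry for an address outside the interface's own subnet means
    another device answered the ARP request on that host's behalf, which
    is the proxy ARP dependency discussed in the thread.
    """
    subnet = ipaddress.ip_interface(cidr).network
    by_mac = defaultdict(list)
    for ip, mac, intf in parse_arp(arp_text):
        if intf == interface and ip not in subnet:
            by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items()}

# Rows 1-4: output posted in the thread. Row 5: constructed on-subnet host.
SAMPLE = """\
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.107.16.112 160 0007.b400.1d02 ARPA Vlan29
Internet 10.107.2.251 154 0007.b400.1d02 ARPA Vlan29
Internet 10.107.9.78 197 0007.b400.1d02 ARPA Vlan29
Internet 159.225.173.254 73 0007.b400.1d01 ARPA Vlan29
Internet 10.107.29.50 12 0000.5e00.5301 ARPA Vlan29
"""

if __name__ == "__main__":
    found = off_subnet_arp(SAMPLE, "Vlan29", "10.107.29.6/24")
    for mac, ips in found.items():
        print(f"{mac} answers for off-subnet: " + ", ".join(map(str, ips)))
```
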
08-21-2007 11:06 AM
As suspected the other layer 3 devices on the subnet are doing proxy ARP, as the ARP cache shows entries for remote destinations, on behalf of remote destinations resulting in remote access to this switch even when there's no default gateway configured.
Though it's working fine for now, in order to ensure the remote access to the switch works uninterrupted you should definitely configure a default gateway on the switch.
HTH
Sundar
08-21-2007 11:35 AM
Again, thank you all for your replies and explanations! They are all greatly appreciated.