Stupid Question about a 3750 Stack..

Sep 20th, 2007

Alrighty then. I've been passed the ball on this new network infrastructure the company is doing. And I can't, for the life of me, figure out exactly what's wrong here.

Situation: Switch Stack configured to

MPLS Router is

VoIP VLAN Configured for

And we're adding a wireless DSL router as an alternate gateway/internet source for specific access only (IT prefers not to use the MPLS thanks to better bandwidth from DSL...)

I've got it configured on VLAN 91, with being the switch, being the router. The reason for this is we want it to be separate from the rest of the networks, no unsolicited traffic coming in, etc. It seems to work great! I can ping from the 10.20.13.x subnet to the router. It responds. Everything's happy... until I try using it as a default Gateway.

Here's the problem: I configure a computer with as the default gateway, but when I try to tracert out, it goes through the MPLS! Here's the info...

IP Address:

Subnet Mask:

Default Gateway :


Tracing route to []

over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms

2 4 ms 4 ms 4 ms

And what's weird is if I configure it as a gateway, and try to ping it, it gives me Destination net unreachable. But if it's not set as the gateway, I can ping it just fine. Any ideas?

I will note: by default the gateway is the switch:, and when that is the gateway I can ping I attempt to set the gateway as and it stops talking to the switch and tries going straight through the MPLS.

When the default gateway is, it goes from that to the internet. When it is it tries going through, our MPLS connection to the internet. Shouldn't it, if it is, be going from to to the internet? I'm confused!!!

What am I missing?

sgelli Thu, 09/20/2007 - 14:28

Shouldn't the default gateway be from the same subnet as the PC itself?

Michichael Thu, 09/20/2007 - 14:32

Normally, but here's the thing. We've got a corporate gateway which goes over a slow connection, and a wireless DSL router with a fast connection. We'd like to have our PCs be in the VLAN 90 so we can access and monitor the network but able to use the gateway in VLAN 91 for internet traffic. We'd like to keep it on a separate VLAN to prevent somebody from getting in to the wireless, and through that into our network. We've got an access list set up for this purpose from our Cisco friend, but he's stumped too as to the behavior of the connection.

What we've currently got at this (old) facility is a dsl modem plugged into a router with a address, and we just use that as a default gateway.

So why can't we create a VLAN and be able to access across the VLAN the same way?

Why is it, with no default gateway, the switch acts like a router (it becomes the gateway, and a tracert shows the switch, then the internet, instead of the switch, the mpls, the internet). Why is it, when we set a gateway, the switch, instead of forwarding the traffic it receives to the VLAN that the gateway's IP is on, it forwards it to, the MPLS, who tries to forward it to that address? Shouldn't the switch automatically forward it to the VLAN, instead of trying to use the address?

sgelli Thu, 09/20/2007 - 15:03

- Are you performing any kind of routing on the Switch or is it purely layer 2?

- You cannot configure an IP address as default gateway if it is not in the same subnet as the PC's IP address. The PC uses the default gateway to send traffic to subnets/networks that it does not belong to. In this case, the PC does not know how to get to In your case, the Switch is very likely doing a Proxy ARP to re-route traffic to the MPLS cloud.

Send the configuration of the Switch and the router so we can troubleshoot better.

Michichael Thu, 09/20/2007 - 15:50

I believe it is a layer 3 setup. I did not configure this switch, I'm just trying to work with what I was given. Shall I just post the configuration straight in here?

sgelli Thu, 09/20/2007 - 16:27

You can actually add attachments here if that is easier for you.

Michichael Fri, 09/21/2007 - 07:34

Ok, here it is. I think....

I didn't set this up, but would like to think that the guy who did knew what he was doing.

We will be moving our network to these switches in a month or so, which means that this configuration will likely change as well.

I think that the ICMP redirects (see #1 below) that the switch is issuing for the MPLS router are causing this mysterious behavior. I stand by my recommendation to use PBR combined with the last remark in #1 to put the IT traffic on that DSL router.

1) Your net is dependent upon ICMP redirects ( to go off-net. Your DHCP scope router option is set to the SVI address and the switch's default route is the MPLS router. You could encounter some inconsistent behavior and some large client routing tables with this config. Better to put the MPLS and peer switch interface/SVI on a separate network

2) You have ip helper-address on the vlan SVI and are running a dhcp scope at the same time. I guess this could be for redundancy in case the switch's dhcpd crashes but I've not seen that happen before. The switch will respond with its offer before does so you could see some inconsistencies in the client configs. You said that you didn't set it up so be aware that it's there.

Reproduce the behavior you're seeing and then do a "route PRINT" on the host and paste it in here.

Michichael Fri, 09/21/2007 - 12:28

I'm not at all familiar with working through the CLI with this kind of stuff, sadly. Can you be more specific with what needs to be done so I can read up on it?

Michichael Fri, 09/21/2007 - 12:45

I did find this in the configuration:

Gateway of last resort is to network is subnetted, 3 subnets

C is directly connected, Vlan20

C is directly connected, Vlan90

C is directly connected, Vlan91

S* [1/0] via

That help?

Michichael Fri, 09/21/2007 - 12:22

Yes, I configured the static route back. Sec...:

Route List

Subnet IP Subnet Mask Gateway Interface lo0 bridge0 --

The last is the one I added. Naturally I removed the public IP parts.

Wow. What you're describing sounds sort of like proxy-arp, 'cept the host's mask is too long. I think we're missing something in the description here cause it...well it doesn't make sense. To clear it up I think diagrams and configs will be necessary.

Best thing to do is to set the thing to best practices, hosts' gateway on same subnet with hosts etc. Then you ip-policy the hosts you want using the DSL to the DSL router.
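
An added example (not from the thread's participants or from Cisco) modelling what the replies describe: the switch picks a next hop from its own table by destination address, so the gateway a PC has configured never changes that choice, while a policy route keyed on source address does. All addresses are constructed placeholders because the thread's own addresses do not appear on the page, and the VLAN-to-subnet mapping is an assumption.

```python
import ipaddress

# Constructed placeholders; the thread's real addresses are not on the page.
MPLS_ROUTER = "10.20.13.254"   # assumed to sit on the PC subnet (VLAN 90)
DSL_ROUTER = "192.0.2.1"       # assumed address of the DSL router on VLAN 91

# Same shape as the table posted in the thread: three connected VLANs
# plus one static default route pointing at the MPLS router.
ROUTES = [
    (ipaddress.ip_network("10.20.20.0/24"), "connected", "Vlan20"),
    (ipaddress.ip_network("10.20.13.0/24"), "connected", "Vlan90"),
    (ipaddress.ip_network("192.0.2.0/24"), "connected", "Vlan91"),
    (ipaddress.ip_network("0.0.0.0/0"), MPLS_ROUTER, "Vlan90"),
]

# Hypothetical policy: a constructed block of IT hosts is sent to the DSL router.
# A real ACL would also have to scope which destinations are policy-routed.
IT_POLICY = [(ipaddress.ip_network("10.20.13.48/28"), DSL_ROUTER)]


def gateway_on_link(host_interface, gateway):
    """A host can only ARP for a gateway that lies inside its own subnet."""
    network = ipaddress.ip_interface(host_interface).network
    return ipaddress.ip_address(gateway) in network


def route_lookup(dst):
    """Longest-prefix match over the switch's routing table."""
    dst_ip = ipaddress.ip_address(dst)
    matches = [route for route in ROUTES if dst_ip in route[0]]
    _, next_hop, interface = max(matches, key=lambda route: route[0].prefixlen)
    return next_hop, interface


def forward(src, dst, policy=None):
    """Next hop chosen by the switch; a policy route is consulted first."""
    src_ip = ipaddress.ip_address(src)
    for src_net, next_hop in policy or []:
        if src_ip in src_net:
            return next_hop
    return route_lookup(dst)[0]


if __name__ == "__main__":
    print(gateway_on_link("10.20.13.50/24", DSL_ROUTER))
    print(forward("10.20.13.50", "198.51.100.7"))
    print(forward("10.20.13.50", "198.51.100.7", IT_POLICY))
```
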

