ip default-gateway???

Dec 10th, 2007


I have a very silly question..

When I perform a "no ip default-gateway" am I unable to reach the management remotely to the device attached to my switch?

but when I perform the "ip default-gateway" I can reach the management of my device attached to my switch?

I found this definition but it doesn't help me much? I need a logical answer that I can't come up with.

"ip default-gateway address Global command that sets the default gateway so that the management interface can be reached from a remote network."

Why do I need this command so that the management interface can be reached???

Please let me know.


paul.matthews Mon, 12/10/2007 - 04:44

You are probably trying to access it from devices that are not on the local subnet that the switch is configured on. The command tells the switch where to send packets that are for other subnets.

Mavrick25 Mon, 12/10/2007 - 04:58

Well I am trying to telnet into the device from a remote location so you are correct when you said "trying to access it from a different subnet"

but the command ip default-gateway was not taken off the switch but off the device connected to the switch..

the switch should still know how to get to the device, when I try telnetting in??

I can ping the device logically but can't telnet into the device after removing "ip default-gateway" for the device's config..

I don't understand why??

rayroyaleverest Mon, 12/10/2007 - 05:11

A default gateway must be configured on a computer for it to be able to connect to another subnet.

Mavrick25 Mon, 12/10/2007 - 05:19

So are you saying the problem exists not on me connecting to the device... but on the device connecting to me..

When I took the ip default-gateway command off the device connecting to the switch, it couldn't properly create a TCP/IP connection?? because it couldn't connect to the subnet I was on??

Is this what the answer is?

paul.matthews Mon, 12/10/2007 - 05:54

I am not sure what exactly you are saying.

I'll keep this simple




Even if the PC is plugged into the switch, it is on a different subnet to the switch, so you need to go via the router to get any traffic between the PC and the switch

That means the PC needs a default gateway of and the switch a default gateway of

If you are saying that removing the default gateway somewhere stops telnet, but still lets you ping, then we need to see a little more info, as that is strange.

Mavrick25 Mon, 12/10/2007 - 06:07

Ok, here is the story.

I am in Milano, the device I needed to connect to is in Naples.

I telnet into the device (IP address of management port), access successfully..

decided to remove the ip default-gateway command from the device I was telnetted into..

once I exited out of my telnet session, I was cooked.. I could ping the management ip address but couldn't telnet in..

I literally had to get a tech to go out, connect via console and add that command (ip default-gateway) to successfully telnet in again..

Why, I have no idea..


paul.matthews Mon, 12/10/2007 - 06:57

The bit I can't answer is why it let you finish the telnet session, and would still respond to a ping!

The best explanation I can come up with explains the ping but no telnet but does nothing for why you managed to finish the session.

The possibility that would allow ping is that you have two devices that can act as a router on that subnet. Without the default gateway, some versions of switch will proxy arp for the destination address (ie you!) and if the device that responded first had some form of security configured that would let pings through but not telnet. I suppose depending on the security, it *may* have permitted established telnet sessions through, but not fresh ones.

What you should have been able to do is telnet to the router identified as the default gateway, then telnet from there to your switch.

srue Mon, 12/10/2007 - 18:24

I've found that the best way to explain the ip default-gateway command is to compare it to a Windows PC and the default gateway field on it. It behaves the same way and is used for the same purpose. Do not confuse it with a default route.

Also, next time, if possible, when you get locked out in a situation like that, telnet to something else on the same subnet, then telnet to it from there, assuming access-class'es are set up for it and all that good stuff.

Also, you could have just had someone out there at the remote site reboot the switch by unplugging the power cord and plugging it back in (assuming you saved the config at some point while it was working right).

paul.matthews Tue, 12/11/2007 - 01:41

Another little trick I use when doing something that may affect my connectivity is to schedule a reload:

rel in 10

will reload in 10 minutes if I don't cancel it. If I then do something silly that breaks my connectivity, 10 minutes later the box reloads and I should be back in.

When I have successfully done what I need to, I then:

rel cancel

to cancel the reload, and can then save the config.

Mavrick25 Tue, 12/11/2007 - 02:04


That is actually a good idea..

I don't remember if I performed a "wr" or not.. but that could have been a solution instead of asking a tech to go out..

never thought of that..

But the device I lost connection to was a SCE device.. it seems that if the ip default-gateway command is taken away, then you lose telnet capability.. ???

That was what was explained to me...

ccbootcamp Tue, 12/11/2007 - 06:05

If it's an old set-based CatOS switch, then the changes take effect immediately and you can't issue a 'wr' to save the config to NVRAM - it's just saved as soon as you type it in.

But also, if it's an IOS based switch, and you perform the command to remove the default gateway, then you will lose connection immediately, and not be able to do a 'wr'.

Here's a trick:

If you do remove the default gateway and lose connectivity, you can telnet to another device that is on the same subnet as the original device. Once on that other device, you can telnet from that device over to the device which you lost connectivity to. It's a great little trick.



(please rate the post if this helps!)
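
The forwarding decision discussed in this thread, as an added example that is not part of any post: a Python model of how a device without IP routing picks the next hop for its replies, showing why removing the default gateway cuts off remote management while a host on the same subnet can still get in. All addresses and function names are constructed for illustration, and proxy ARP (mentioned above as a possible reason ping kept working) is deliberately not modelled.

```python
import ipaddress

# Constructed addresses from documentation ranges; none come from the thread.
DEVICE_IF = "192.0.2.10/24"      # management interface of the remote device
GATEWAY = "192.0.2.1"            # router on the device's own subnet
REMOTE_ADMIN = "198.51.100.25"   # admin workstation at another site
JUMP_HOST = "192.0.2.20"         # another device on the device's subnet


def reply_path(device_if, peer, default_gateway=None):
    """Decide where a non-routing device sends a reply addressed to peer.

    Returns ("on-link", peer), ("gateway", gw) or ("unreachable", None).
    Simplification: proxy ARP by a neighbouring router is not modelled.
    """
    iface = ipaddress.ip_interface(device_if)
    dst = ipaddress.ip_address(peer)
    if dst in iface.network:
        # Same subnet: the device resolves the peer directly, no gateway needed.
        return ("on-link", str(dst))
    if default_gateway is None:
        # Off-subnet peer and nowhere to hand the packet: the reply is dropped.
        return ("unreachable", None)
    gw = ipaddress.ip_address(default_gateway)
    if gw not in iface.network:
        raise ValueError("default gateway must be on the local subnet")
    return ("gateway", str(gw))


def management_reachable(device_if, peer, default_gateway=None):
    """A TCP session needs replies to flow, so it needs a reply path."""
    return reply_path(device_if, peer, default_gateway)[0] != "unreachable"


if __name__ == "__main__":
    cases = [
        ("remote admin, gateway set", REMOTE_ADMIN, GATEWAY),
        ("remote admin, gateway removed", REMOTE_ADMIN, None),
        ("same-subnet jump host, gateway removed", JUMP_HOST, None),
    ]
    for label, peer, gw in cases:
        print(f"{label}: {reply_path(DEVICE_IF, peer, gw)}")
```
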

