What exactly does the "ip default-gateway x.x.x.x" command do on a switch?

insccisco
Level 1

Guys, curious question... I have a 6509 (core sw) and 4 3560 switches connected to this 6509. Each of these 4 switches has its management IP configured.

The management IP addresses of the switches sit on subnet 10.10.5.0/24

From one of these switches, I start pinging hosts which reside in other VLANs (for example, 10.10.20.3) and the switch would not know how to get to (ping) the host if it weren't for the "ip default-gateway 10.10.5.1" command configured on the switch. Is this a correct assumption? Can you please correct me if I am wrong here?

Exactly what does this "ip default-gateway x.x.x.x" command do when configured on a switch?


20 Replies

Jon Marshall
Hall of Fame

Angel

The "ip default-gateway x.x.x.x" command serves the same purpose as the default-gateway on a server or client PC. It basically tells the switch that to get to any remote network it should send the packet to its default-gateway.

If the switch didn't have a default-gateway then you would only be able to ping other machines on the same subnet.

Note that if you have a L3 switch which you want to route then you don't give it a default-gateway you give it a default route.

Jon
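As an added illustration of the distinction Jon draws between a default-gateway and a default route (this is example configuration, not part of the original post), here are the two ways a 3560 can be set up. The management address, VLAN numbers, next hop and ACL number are assumptions chosen to match the topology in the question:

```cisco
! --- Case 1: pure layer-2 access switch (no "ip routing") ---
! The switch is just another host on 10.10.5.0/24. "ip default-gateway"
! is consulted only for traffic the switch itself originates (ping,
! SSH/Telnet sessions, syslog, SNMP). User traffic in the access VLANs is
! bridged across the trunk and never looks at this setting.
no ip routing
!
interface Vlan1
 ip address 10.10.5.21 255.255.255.0
!
ip default-gateway 10.10.5.1
!
! Assumed hardening (not in the thread): the gateway makes the switch
! reachable from every routed subnet, so limit who may open a
! management session to it.
access-list 10 permit 10.10.5.0 0.0.0.255
line vty 0 15
 access-class 10 in
 transport input ssh
!
! --- Case 2: the same 3560 enabled as a layer-3 switch ---
! Once "ip routing" is on, IOS ignores "ip default-gateway" and forwards
! according to the routing table, so the escape route has to be a
! default route instead.
ip routing
!
interface Vlan40
 ip address 10.10.40.254 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.10.5.1
```

A quick way to tell which mode a switch is in: with routing disabled, "show ip route" prints only a "Default gateway is x.x.x.x" line and an (usually empty) ICMP redirect cache; with "ip routing" enabled it prints the normal routing table, and the "ip default-gateway" line in the configuration no longer has any effect.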

Great. Now, if I uplink another 3560 (let's call this sw2) to one of the current 3560s that are currently connected to the 6509, in theory I should not have any problems placing hosts into one of this sw2's ports, right?

For example, there should not be any problems if I need to put a PC into port gig0/43 of sw2 and place this port into VLAN 40 (switchport access vlan 40), right? In theory, this PC should be able to ping other PCs which reside on the same VLAN 40 but are physically connected to the other 3560s which are directly connected to the 6509, right?

I am getting to a point here but before I do, I need to be sure I understand the process 100%.

Let me know

"Now, if I uplink another 3560 (let's call this sw2) to one of the current 3560s that are currently connected to the 6509, in theory I should not have any problems placing hosts into one of this sw2 ports right?"

This should be fine as long as vlan 40 exists on the new switch and it is allowed across the link between the new 3560 and the existing 3560 whether that link is an access port in vlan 40 or a L2 trunk.

Note that this has nothing to do with the "ip default-gateway ..." on the switch. That is purely for the switch to communicate with devices outside its subnet, but it is not used for user traffic. If you removed the "ip default-gateway x.x.x.x" from the switch, a PC connected to your new 3560 in vlan 40 should still be able to communicate with other devices on vlan 40 and outside vlan 40 as long as there is a L3 SVI for vlan 40 on the 6500.

The reason you need the default-gateway on the switch is so you can access it from a remote subnet for management.

Jon
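An added example (not from the original post) of the two pieces Jon says have to be in place on sw2 for the PC to work: the VLAN must exist on the new switch and be carried on the uplink. Port numbers are taken from the question; the VLAN name, the native VLAN and the hardening lines are assumptions:

```cisco
! sw2: create the VLAN locally (VTP transparent/off assumed), then the
! access port for the PC and the uplink trunk toward the existing 3560.
vlan 40
 name USERS-40
!
interface GigabitEthernet0/43
 switchport mode access
 switchport access vlan 40
 spanning-tree portfast
 ! assumed hardening: a user port must never be able to become a trunk
 ! or inject BPDUs, so shut it if a bridge ever appears behind it
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/51
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! assumed: disable DTP. Note this must be done on BOTH ends; a
 ! "dynamic auto/desirable" peer that stops hearing DTP falls back to
 ! an access port and the VLAN silently stops crossing the link.
 switchport nonegotiate
 ! assumed: unused native VLAN (must match the far end) and only the
 ! VLANs that actually need to cross
 switchport trunk native vlan 999
 switchport trunk allowed vlan 1,5,40,999
!
! Checks after configuring:
!   show vlan brief            -> vlan 40 present on BOTH switches
!   show interfaces trunk      -> Gi0/51 "trunking", 40 listed under
!                                 "Vlans allowed and active in management domain"
!   show spanning-tree vlan 40 -> Gi0/51 in FWD state
```

If VLAN 40 shows under "Vlans allowed on trunk" but not under "allowed and active", the VLAN does not exist in the local VLAN database, which is the most common reason a PC on a new switch cannot reach its neighbours on the same VLAN.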

It looks like the link between the new 3560 and the existing 3560 is a L2 trunk. I checked the port settings on sw2 (the new 3560) and there is only one statement (end). So I then checked the trunk status on sw2 (“sh int trunk”) and indeed port 0/51 on sw2 is in “trunking” status and VLAN 40 is one of the many “Vlans allowed and active in management domain”

Now, I follow you very clearly. But here is a bit of unexpected behaviour on my part, which could be "expected" but I don't know, so this is why I need the confirmation from the big cats. I have this sw2 configured with a management IP address of 10.10.5.21. I have confirmed what you just mentioned about the "ip default-gateway x.x.x.x" because I've configured one and then taken it out and I still have connectivity from sw2 to other hosts on the same subnet (10.10.5.0).

But when I have "ip default-gateway 10.10.5.1" configured on sw2, and I ping the outside, I can get out successfully, but when I do a "trace 4.2.2.2" from sw2, the first hop I hit is 10.10.6.1 and then the 2nd and the rest of them till hop 30 are plain asterisks. Shouldn't the 10.10.5.1 address appear as the first hop out to the internet, as this is the IP address on the VLAN 1 interface on the 6509?

What is 10.10.6.1 ?

You are correct in what you say that the first hop reported should be 10.10.5.1 based on the topology described.

Jon

It is the IP address of one of the VLAN interfaces configured on the 6509:

interface Vlan6
 description PBX
 ip address 10.10.6.2 255.255.255.0
 no ip redirects
 standby 6 ip 10.10.6.1
 standby 6 timers 3 5
 standby 6 priority 110
 standby 6 preempt

Would you know why was I getting the wrong IP as the first hop whenever I was doing traces?

It's not obvious. Can you post the following outputs

on your new switch

1) sh ip route

2) sh run

3) sh int trunk

on the 3560 switch that is between your new switch and the 6500

same as above

On the 6500

sh ip int brief

Jon

#sh ip route
Default gateway is 10.10.5.1

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

#sh int trunk
Port        Mode             Encapsulation  Status        Native vlan
Gi0/51      auto             n-802.1q       trunking      1

Port        Vlans allowed on trunk
Gi0/51      1-4094

Port        Vlans allowed and active in management domain
Gi0/51      1,5-7,10-11,30,70,80,99-100,110-111,190,200,203,205,213,252-253,972,998-999

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/51      1,5-7,10-11,30,70,80,99-100,110-111,190,200,203,205,213,252-253,972,998-999

I have attached the running config of the new 3560. I do not have access to the old 3560 nor to the 6509, but I do have their current running configs printed out.

There is no "ip routing" enabled on the old 3560

Angel

There is more than one L3 vlan interface on this switch, which doesn't really make sense because the switch is not in routing mode. So none of the L3 vlan interfaces are in use other than vlan 1.

Do you know why there are so many other vlan interfaces ie.

vlan 6,10,20,30,99 & 100

Also you have this in your config -

interface GigabitEthernet0/49
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 5,6,10
 switchport mode trunk
 switchport nonegotiate

What is on the other end of this trunk link?

If this switch is meant to be a purely L2 switch then it is not configured as I would expect.

Jon

Jon, thank you very much for all the help; as always, you are from another world!!

Just disregard the 0/49 port. It is not connected to anything (int shows as down).

For the first question, those are good questions because although I have not enabled ip routing, I will eventually do so and those vlan L3 interfaces will be the "default gateways" for the hosts on those VLANs. By having them in there in this still purely L2 switch, will it do any harm to the network?

See, right now the 6509 is the core switch and all L3 interfaces are configured in there. The hosts on those VLANs (vlan 6, 10, 20, etc) are currently working properly and with no problem. All those L3 interfaces IP addresses end with a .1 so the "L3" vlan interfaces I have configured on the still pure L2 switch (new 3560) have IP addresses that end with .254. I've done this so there will be no conflict.

The reasoning behind all this is that the current infrastructure, as you might have figured it out already:

internet router <--- 6509(core) <--- 8 3560s

will be taken down and replaced by

internet router <--- 1 3560(core) <--- 1 3560

So, this is why there is a new 3560 trunked to one of the 8 old 3560s to start the transition. During the transition period the old infrastructure and the new one will be up and running simultaneously until all devices are finally moved to the new network.

There is a new internet connection with an 1841 as the internet router which will be part of the new network. This is already connected to a 3560 and this is the 3560 which I am referring to. We're calling this sw2

This sw2 is trunked to one of those 8 3560s currently on the old network. So this is the reason why the L3 interfaces are setup on sw2, although this sw2 has not yet been enabled as a L3 switch.

Also, please note that this is a bit messy as I just inherited this case hours ago. The customer claims that all his IP phones went down a few days ago when the old IT guys were trying to "bridge" these 2 networks.

Out of all multiple VLANs currently in place in the old network, they will only be staying with 4 and these 4 VLANs will obviously be residing on the new network and all those hosts will be moved there. The reason for the "bridge" is because there are servers on the new network that need LOTs of data from old legacy equipment. There will be a time where I think those new servers will be residing on the new network, with their new default gateways pointing to the new internet connections and at the same time those new servers will still need access to the old hosts which will be sitting at the old network.

So I am trying to find out how to best approach this without conflicting anything. I guess one of my main questions was the question of having 2 L3 switches operating at the same time on the same network. Will the hosts that will still be sitting at the old network (their default gateways pointing to the L3 interface on the 6509) be smart enough to ping anything on their subnet, including hosts which will be physically connected to the new network (and their default gateway pointing to the L3 interfaces of the 3560)? I want to think that in theory yes, because it is traffic within the same subnet, right?

Angel

Apologies for the delay in replying, happy new year to you !

One possible solution is instead of trying to bridge you could run HSRP between the 6509 and the 3560 switch for the L3 vlan interfaces although you would probably want to connect your new 3560 (sw2) directly into the 6500.

If you connected these up with a L2 trunk you could then run HSRP between the 6509 and the new 3560. When you have finally migrated off the 6500 totally you just shut down the L3 vlan interfaces on the 6500 and the 3560 ones become active.

If you want to avoid having to set up new default-gateways on all your servers you could readdress the 6500 L3 vlan interface addresses and use .1 as the HSRP VIP. Then when you shut the 6500 interfaces down, .1 will move across to the 3560.

Any thoughts ?

Jon
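An added worked example of the HSRP migration Jon describes (example configuration, not part of the original post). It assumes VLAN 10 on 10.10.10.0/24 with hosts already using 10.10.10.1 as their gateway, the timers and priority already used for Vlan6 on the 6509, and a direct L2 trunk between the 6509 and sw2 that carries VLAN 10; the key string and the .2/.3 real addresses are assumptions:

```cisco
! --- 6509 (outgoing core): move the real address off .1, keep .1 as the VIP ---
! Hosts keep 10.10.10.1 as their gateway throughout; only the device
! answering for it changes.
interface Vlan10
 ip address 10.10.10.2 255.255.255.0
 no ip redirects
 standby 10 ip 10.10.10.1
 standby 10 timers 3 5
 standby 10 priority 110
 standby 10 preempt
 ! Assumed hardening: without authentication any host on the VLAN can
 ! send hellos with a higher priority, become Active and take over the
 ! gateway address. Both peers must carry the same key string.
 standby 10 authentication md5 key-string HSRP-VLAN10-KEY
!
! --- new 3560 sw2 (incoming core): Standby peer with the lower priority ---
ip routing
!
interface Vlan10
 ip address 10.10.10.3 255.255.255.0
 no ip redirects
 standby 10 ip 10.10.10.1
 standby 10 timers 3 5
 standby 10 priority 90
 standby 10 preempt
 standby 10 authentication md5 key-string HSRP-VLAN10-KEY
!
! --- verification before cutover (run on either switch) ---
!   show standby brief     -> 6509 "Active", sw2 "Standby", VIP 10.10.10.1
!
! --- cutover, on the 6509, once everything else has moved ---
interface Vlan10
 shutdown
! sw2 stops hearing hellos, goes Active within the 5 s hold time, and
! answers ARP for 10.10.10.1 with the HSRP virtual MAC. Nothing on the
! hosts changes.
```

Two caveats when applying this to the live network: the 6509's SVI currently owns .1 itself, so readdressing it to .2 and bringing up the HSRP group is a short outage for that VLAN (do it in a window, one VLAN at a time), and sw2 must have "ip routing" enabled before it can take over, otherwise its SVIs are only management addresses and will not forward for the hosts.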

One other question I forgot to ask. Any reason why you are removing a 6500 from the core to replace it with a 3560? Just interested.

Jon
