cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
960
Views
0
Helpful
16
Replies

Do you need a default gatweway

nygenxny123
Level 1
Level 1

My server guys are trying to get servers that are up..that will only talk with each other..no outside traffic...however

the servers are on different switches...

with no default gatweway being assigned

we can connect the switches via trunks..

but will this work?..

do they need to be assigned to their own vlan ?

right now everything is on default vlan 1

the switches are being configured for the same "subnet" range...

1 Accepted Solution

Accepted Solutions

Richard

If the other switch was configured to use VLAN 1 then it certainly would explain the problem that you were having. If the servers need to communicate with each other and not have a default gateway then the servers MUST be in the same VLAN.

Answering the second part of your question is difficult without knowing what kind of switch you are talking about. If it is a layer 2 switch (which would be consistent with some of the things that have been in the post) then the switch can not configure 2 VLAN interfaces with IP addresses on each. A layer 2 switch can have only a single IP address configured on the switch. If the switch is a layer 3 switch (which would be consistent with the fact that you can configure an IP address directly on the fastethernet) you could configure a second VLAN interface and put an IP address on it. But to do that you would also need to configure IP routing on the switch which introduces default gateways into its operation. And since the point of this discussion seems to be to not have default gateways then I believe that you could not have both the 10.1.8.0 and the 172.18.8.x active on the switch.

HTH

Rick

HTH

Rick

View solution in original post

16 Replies 16

Jon Marshall
Hall of Fame
Hall of Fame

Richard

If the servers only talk to each other within the same vlan then no you don't need a default-gateway configured on the servers.

You may however want to look into creating a separate vlan for the servers and then do not create a L3 SVI for that new vlan on your L3 switch. That way even if someone accidentally misconfigured the server ie. added a DG the servers would still not be able to route off their vlan.

Jon

Thx Jon...

For some reason none of the switches are talking to each other. All the ports are left at default vlan 1..

and trunking is enabled between the two switches

Richard

Can you just clarify that when you talk of default-gateway you are talking about a default-gateway on the servers and not on the switches ?

The default-gateway on L2 switches is only needed for managing the switch itself.

Check that the subnet masks on all the servers are the same. If they are and the switches show the trunk up and operational a server on one switch should be able to communicate with a server on the other switch.

Jon

Neither the swithces or servers are configured with a default gateway.

The only IP on the switch is configured on the f0 port...Which is directly

connected to or core.

No default gw

The servers themselves, from what they tell me, are also not being configured with a default gw. Only IP's

in the 172.x.x.x. Which would not

be advertised anywhere else

We have 6 switches..Not fully meshed..

but trunks going from one to the other

ex: server....switcha--trunk--switchb-trunk--switchc---server

Richard

If all ports are left in VLAN 1 then you do not need trunking between the switches. You only need trunking when multiple VLANs need to be transported over a single link. What happens if you remove the trunking configuration and just make the switch to switch connections be access ports in VLAN 1?

HTH

Rick

HTH

Rick

hmm i will try that

my mistake..vlan 108 is configured on these..

even if vlan 108 is used elsewhere in our network to route production traffic..

if these servers on different switches. are all assigned to vlan 108..without a gatweway....they should be able to talk?

I tried to ping and no response on a local server.....ARP table showed the IP address associated with FE0. The local server is on g1/0/9

FE goes to our core

.

Richard

Perhaps it would help us understand this issue if you would post the output of ipconfig from a couple of the servers that you are testing (or the equivalent command if the servers are not Windows).

HTH

Rick

HTH

Rick

Hi rick..

the IP of the server is

172.18.9.101 255.255.252.0

no default gw

It is connected to g1/0/1..which is assigned to vlan108..

here is the config..i took out alot of gigports for visibility

here is the switch it is connected to.

And i can not ping that server from the switch.

sh run

Building configuration...

!

hostname clt-A1.3stk

!

enable password 7 01120ED73190F

!

aaa session-id common

switch 1 provision ws-cbs3120x-s

switch 2 provision ws-cbs3120x-s

system mtu routing 1500

ip subnet-zero

!

!

!

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

interface FastEthernet0

description MC1.C1 port f0/15

ip address 10.1.8.83 255.255.252.0

interface GigabitEthernet1/0/1

switchport access vlan 108

spanning-tree portfast

!

!

interface GigabitEthernet1/0/9

switchport access vlan 108

spanning-tree portfast

!

!

interface TenGigabitEthernet1/0/1

description A2.1-4-3 port 1/0/1

switchport mode trunk

!

interface TenGigabitEthernet1/0/2

description A2.1-4-3 port 2/0/1

switchport mode trunk

!

interface GigabitEthernet2/0/1

switchport access vlan 108

spanning-tree portfast

!

interface TenGigabitEthernet2/0/1

description A2.1-4-3 1/0/2

switchport mode trunk

!

interface TenGigabitEthernet2/0/2

description A2.1-4-3 port 2/0/2

switchport mode trunk

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip http server

line con 0

privilege level 15

line vty 0 4

privilege level 15

line vty 5 15

privilege level 15

!

ntp clock-period 36028694

ntp server 10.10.1.1

end

clt-A1.1-3stk#

Richard

This information helps us understand why the switch can not ping the server. The switch address is in subnet 10.1.8.0 and the server is in subnet 172.18.8.0. For the switch to be able to ping anything in a different subnet it needs a default gateway and the switch is not configured with a default gateway.

So now we know why the switch can not ping the server. We still do not have information to understand why one server can not ping another server.

HTH

Rick

HTH

Rick

Ok..I believe I have this one set..

The switches on the far end were configured on vlan 1.

Once I configured the ports to vlan108..they were able to talk to each other. via the trunks

But...

What if i had also configured an interface vlan108 on the switch with 172.18.8.x network address

and kept the 10.1.8.0 on the fe..

would I have been able to ping the servers from the switch this way?

Richard

If the other switch was configured to use VLAN 1 then it certainly would explain the problem that you were having. If the servers need to communicate with each other and not have a default gateway then the servers MUST be in the same VLAN.

Answering the second part of your question is difficult without knowing what kind of switch you are talking about. If it is a layer 2 switch (which would be consistent with some of the things that have been in the post) then the switch can not configure 2 VLAN interfaces with IP addresses on each. A layer 2 switch can have only a single IP address configured on the switch. If the switch is a layer 3 switch (which would be consistent with the fact that you can configure an IP address directly on the fastethernet) you could configure a second VLAN interface and put an IP address on it. But to do that you would also need to configure IP routing on the switch which introduces default gateways into its operation. And since the point of this discussion seems to be to not have default gateways then I believe that you could not have both the 10.1.8.0 and the 172.18.8.x active on the switch.

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco