ip default-gateway needed for a router-on-a-stick configuration?

Aug 9th, 2009

Let me start off with some background. We have a number of layer 2 switches that sit behind a router in a router-on-a-stick configuration. There are two routed VLANs. One (VLAN1) is fa 0/0, and one (VLAN1000) is fa 0/0.1000. VLAN 1000 is the management VLAN, and each of the switches has an IP in VLAN1000. VLAN 1 is the user subnet.


I have noticed that on many of the switches there is no default-gateway configured. However, I can still connect to the switch on its management interface from a workstation in the user subnet.


I am trying to figure out how this is possible if the layer 2 switch does not have a default-gateway configured. How does the switch know how to route back to the workstation that is in a different subnet?


Now, I also tested this out with a layer 3 switch acting as the router, with multiple layer 2 switches behind it. The layer 3 switch had SVIs configured for each of the routed VLANs. In this scenario, I HAD to have a default gateway configured on the switch in order to ping to the user subnet.


Anyway, sorry for the novel, but I wanted to provide as much information as possible. So, does anyone know why it is that I do NOT need a default-gateway when using the router-on-a-stick configuration?


Oh, on a side note. With the router on a stick setup, if I do set a default gateway, it does not matter what IP I set it to, it always routes correctly. However, if I set the default gateway to an IP on the management subnet that is NOT the router IP, then it does not route at all, and I cannot reach my VLAN 1 subnet.

Overall Rating: 4 (1 ratings)
Hitesh Vinzoda Sun, 08/09/2009 - 09:45

Hi,


I can see two different views from what you have written.


Case 1: You are able to ping the mgmt. interface of the switch from the user subnet (router on a stick).


Case 2: You are not able to ping from a switch sitting in one VLAN to some host in a different VLAN.


First of all, we will walk through one-way communication from a PC in a different VLAN to the mgmt. IP of the switch in a different VLAN, with no default gateway configured.

a. PC from VLAN 1 pings Switch 1 in VLAN 1000.

b. PC sends the packet to the default gateway, i.e., the router in your case, with subinterfaces. The router looks up the packet and performs routing for your connected subnets.

c. It checks the layer 2 resolution, i.e. the MAC for your switch IP. If it's there, then OK; otherwise, it will send an ARP for layer 2 resolution (broadcast).

d. The switch will receive it and reply to the ARP, and the packet is forwarded to the switch. Hence you can ping from any PC on other subnets to the switch with no default gateway configured, which is ultimately taken care of by the BOSS, the router.


Case 2:

When you ping from your switch in VLAN 1000 to a PC in the user VLAN with no default gateway configured.


a. The switch will not have any knowledge of subnets other than its own, or of where to forward the packet, and hence drops it.


i.e., when you configure a default gateway on an L2 switch, it sends any traffic destined to other subnets to its gateway, and the rest is taken care of by the gateway, i.e. the router.


Try this on your PC; I hope this will help you to understand.


Configure TCP/IP settings as:


IP: 192.168.1.10

Subnet mask: 255.255.255.0

Gateway: 192.168.1.1


Go to the command prompt and check "ROUTE PRINT". You will see that, apart from the 192.168.1.0 subnet, there is a default route 0.0.0.0 0.0.0.0 to 192.168.1.1.


Now do not enter the gateway in the TCP/IP settings and leave it blank. Issue ROUTE PRINT in the cmd prompt and you will see no default route, and you cannot communicate outside your subnet.


I would suggest relating the facts in one direction.


1. Ping from PC to switch with no default gateway (router on a stick)

2. Ping from PC to switch with no default gateway (SVI environment)


Both will work, but when you ping from the switch to some other subnet and no default gateway is configured, the ping fails.


Hope this helps.


Regards


Hitesh Vinzoda
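
The PC experiment described in the reply above can be modelled as a route lookup. This is an added example, not part of the original posts: it builds the two routes a host derives from the TCP/IP settings given in the reply and picks the next hop by longest prefix match. The destination 10.0.0.5 and the function names are constructed for illustration.

```python
import ipaddress

DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def build_routes(ip, mask, gateway=None):
    """Routes a host derives from its IP, subnet mask and optional gateway."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    routes = [(iface.network, None)]        # connected subnet: deliver on-link
    if gateway:                             # blank gateway -> no default route
        routes.append((DEFAULT, ipaddress.ip_address(gateway)))
    return routes

def next_hop(routes, dest):
    """Return the address the host must ARP for, or None if it has no route."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in routes if dest in net]
    if not matches:
        return None                         # nothing matches: packet is dropped
    # Longest prefix wins, so the /24 connected route beats the /0 default.
    net, gw = max(matches, key=lambda r: r[0].prefixlen)
    return dest if gw is None else gw

def describe(routes, dest):
    hop = next_hop(routes, dest)
    if hop is None:
        return f"{dest}: no route, cannot leave the subnet"
    if str(hop) == dest:
        return f"{dest}: on-link, ARP for the destination itself"
    return f"{dest}: off-link, ARP for gateway {hop}"

if __name__ == "__main__":
    # Settings from the reply; 10.0.0.5 is a constructed off-subnet destination.
    with_gw = build_routes("192.168.1.10", "255.255.255.0", "192.168.1.1")
    no_gw = build_routes("192.168.1.10", "255.255.255.0")
    for label, table in (("gateway set", with_gw), ("gateway blank", no_gw)):
        print(label)
        for dest in ("192.168.1.20", "10.0.0.5"):
            print("  " + describe(table, dest))
```
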
