ip default-gateway

Jan 9th, 2010

I get the purpose of this command. It's a default gateway so you can access the switch from another subnet. However, I have a 2950 on the network and it's pingable/telnetable from every other subnet, yet it has no ip default gateway configured. It is only a L2 switch. How can this be if it has no default gateway?

Richard Burts Sat, 01/09/2010 - 19:44

I have seen a behavior on some switches where they will arp for unknown destination addresses when they do not have a default gateway set, and I believe that the 2950 may be one of those switches. If the switch will arp for the unknown address, and if the connected layer 3 interface supports proxy arp, then the layer 3 gateway will send an arp response (with its own MAC address) to the switch. This allows the switch to access remote addresses without having a gateway configured.


It is best practice to configure a default-gateway on the layer 2 switch. But configuring a default-gateway is not an absolute requirement.


HTH


Rick

Reza Sharifi Sat, 01/09/2010 - 20:42

Hello Rick,


This is very interesting.  Is there any document, white paper, config guide that explains this behavior in some Cisco switches?

Searching the config guide for the 2950 switches did not produce much info.


The only thing I was able to find is this:



Step 5: ip default-gateway ip-address

Enter the IP address of the next-hop router interface that is directly connected to the switch where a default gateway is being configured. The default gateway receives IP packets with unresolved destination IP addresses from the switch.

Once the default gateway is configured, the switch has connectivity to the remote networks with which a host needs to communicate.

When your switch is configured to route with IP, it does not need to have a default gateway set.



I think what the red font section is referring to is when IP routing is turned on, but then again a 2950 switch is a layer-2 device only and you can't turn on IP routing anyway.








Thanks,

Reza

Peter Paluch Sun, 01/10/2010 - 00:16

Hello Reza,


Rick is absolutely correct. My personal experience with 2950 series switches is that if the ip default-gateway is not configured, they will rely on ProxyARP for every IP outside their management VLAN. There are obviously numerous drawbacks to having a switch rely on ProxyARP to communicate with the outside world. Therefore, I believe, configuring the ip default-gateway is the correct thing to do.


Best regards,

Peter

glen.grant Sun, 01/10/2010 - 04:18

As others have said, someone has left proxy arp turned on at the layer 3 routing interface or SVI. This will allow your device to be reached without a default gateway. That said, best practices indicate it should not be on and you should use a default gateway statement on your devices. Reasons why proxy arp should not be used include:


  • It increases the amount of ARP traffic on your segment.

  • Hosts need larger ARP tables in order to handle IP-to-MAC address mappings.

  • Security can be undermined. A machine can claim to be another in order to intercept packets, an act called "spoofing."

  • It does not work for networks that do not use ARP for address resolution.

  • It does not generalize to all network topologies. For example, more than one router that connects two physical networks.

mikegrous Sun, 01/10/2010 - 07:55

Very interesting morning reading. It appears on our vlan1 ip proxy arp is turned on as it is a default command.

Good stuff!
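One way to audit for the behaviour discussed in this thread, as an added example that is not part of any poster's reply: the script parses `show ip arp` output taken from a layer 2 switch and reports ARP entries for addresses outside the management subnet, which only exist when something (typically a router with proxy ARP enabled) answered on their behalf. The sample output, the 192.168.10.5/24 management address and the function name `proxy_arp_entries` are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `show ip arp` output from a layer 2 switch whose
# management interface (Vlan1) is assumed to be 192.168.10.5/24.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.10.5            -   000a.b7c1.0001  ARPA   Vlan1
Internet  192.168.10.1           12   0011.2233.4455  ARPA   Vlan1
Internet  192.168.10.20           3   0050.56aa.bb01  ARPA   Vlan1
Internet  10.20.30.40             1   0011.2233.4455  ARPA   Vlan1
Internet  172.16.5.9              0   0011.2233.4455  ARPA   Vlan1
"""

# Internet <ip> <age> <mac in xxxx.xxxx.xxxx form> ARPA <interface>
ARP_LINE = re.compile(
    r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s+(\S+)",
    re.IGNORECASE,
)

def proxy_arp_entries(arp_text, mgmt_cidr):
    """Return {mac: [off-subnet IPs]} for entries outside the management subnet.

    A device that uses a default gateway only ARPs for on-subnet addresses,
    so an off-subnet entry means the device ARPed for a remote address and
    some other machine answered for it.
    """
    subnet = ipaddress.ip_network(mgmt_cidr, strict=False)
    hits = defaultdict(list)
    for line in arp_text.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m:
            continue  # header, blank line or incomplete entry
        ip, age, mac, _iface = m.groups()
        if age == "-":
            continue  # the switch's own interface address
        if ipaddress.ip_address(ip) not in subnet:
            hits[mac.lower()].append(ip)
    return dict(hits)

if __name__ == "__main__":
    for mac, ips in proxy_arp_entries(SAMPLE_ARP, "192.168.10.5/24").items():
        print(f"{mac} answered ARP for off-subnet addresses: {', '.join(ips)}")
```

A MAC that appears here should match the layer 3 interface or SVI on that VLAN; after a default gateway is set on the switch and the old entries age out, the report should come back empty.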
