ip default-gateway

Unanswered Question
Jan 9th, 2010

I get the purpose of this command. It's a default gateway so you can access the switch from another subnet. However, I have a 2950 on the network and it's pingable/telnetable from every other subnet, yet it has no ip default-gateway configured. It is only a L2 switch. How can this be if it has no default gateway?

Richard Burts Sat, 01/09/2010 - 19:44

I have seen a behavior on some switches where they will arp for unknown destination addresses when they do not have a default gateway set, and I believe that the 2950 may be one of those switches. If the switch will arp for the unknown address, and if the connected layer 3 interface supports proxy arp, then the layer 3 gateway will send an arp response (with its own MAC address) to the switch. This allows the switch to access remote addresses without having a gateway configured.

It is best practice to configure a default-gateway on the layer 2 switch. But configuring a default-gateway is not an absolute requirement.

HTH

Rick
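As an added example (not part of Rick's reply or any Cisco document), here is how the behaviour he describes shows up in the switch's own ARP table. On a Layer 2 switch with no ip default-gateway, every remote address the switch has talked to ends up in `show arp` bound to the MAC of whatever router proxy-answered for it. The script parses constructed `show arp` output, groups the off-subnet entries by the MAC that answered, and reports whether that MAC is the expected gateway. The management subnet 192.168.1.0/24, the gateway 192.168.1.1 and all MAC addresses are assumptions made up for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of 'show arp' from a Layer 2 switch that has no
# ip default-gateway configured. Not captured from the thread's 2950.
SAMPLE_SHOW_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             3   0013.1a2b.3c4d  ARPA   Vlan1
Internet  192.168.1.50            -   000f.8f12.3456  ARPA   Vlan1
Internet  192.168.1.77            0   0019.55aa.bb01  ARPA   Vlan1
Internet  10.20.5.7               2   0013.1a2b.3c4d  ARPA   Vlan1
Internet  172.16.40.9             1   0013.1a2b.3c4d  ARPA   Vlan1
"""

# One data row of IOS 'show arp' output: protocol, IP, age ('-' for the
# switch's own address), dotted-hex MAC, encapsulation, interface.
ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\S+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s+(?P<iface>\S+)",
    re.IGNORECASE,
)


def parse_show_arp(text):
    """Return (ip, mac, interface) tuples for every data row in 'show arp' output."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            entries.append((m.group("ip"), m.group("mac").lower(), m.group("iface")))
    return entries


def off_subnet_entries(entries, mgmt_network):
    """Group ARP entries whose IP lies outside mgmt_network by the MAC that answered.

    A Layer 2 switch with no default gateway sends an ARP request for each
    remote destination; any entry here exists only because a router running
    proxy ARP answered that request with its own MAC.
    """
    net = ipaddress.ip_network(mgmt_network, strict=False)
    by_mac = defaultdict(list)
    for ip, mac, _iface in entries:
        if ipaddress.ip_address(ip) not in net:
            by_mac[mac].append(ip)
    return dict(by_mac)


def gateway_mac(entries, gateway_ip):
    """MAC the table holds for the expected gateway, or None if it is absent."""
    for ip, mac, _iface in entries:
        if ip == gateway_ip:
            return mac
    return None


def assess(text, mgmt_network, gateway_ip):
    """Human-readable findings: who proxy-answered for which remote addresses."""
    entries = parse_show_arp(text)
    gw = gateway_mac(entries, gateway_ip)
    findings = []
    for mac, ips in off_subnet_entries(entries, mgmt_network).items():
        who = "the gateway" if mac == gw else "a host other than the gateway"
        findings.append(f"{mac} ({who}) answered ARP for off-subnet {', '.join(ips)}")
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_SHOW_ARP, "192.168.1.0/24", "192.168.1.1"):
        print(finding)
```

If the off-subnet entries map to the gateway's MAC, the switch is working exactly as described in this thread: reachable, but only because proxy ARP on the SVI is answering for the rest of the network. If they map to some other MAC, a second router is proxy-answering or something is spoofing, and either way the table is not telling you what you think it is.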

Reza Sharifi Sat, 01/09/2010 - 20:42

Hello Rick,

This is very interesting.  Is there any document, white paper, config guide that explains this behavior in some Cisco switches?

searching the config guide for the 2950 switches did not produce much info.

The only thing I was able to find is this:

Step 5

ip default-gateway ip-address

Enter the IP address of the next-hop router interface that is directly connected to the switch where a default gateway is being configured. The default gateway receives IP packets with unresolved destination IP addresses from the switch.

Once the default gateway is configured, the switch has connectivity to the remote networks with which a host needs to communicate.

When your switch is configured to route with IP, it does not need to have a default gateway set.

I think what the red font section is referring to is when IP routing is turned on, but then again a 2950 switch is a layer-2 device only and you can't turn on IP routing anyway.

Thanks,

Reza

Peter Paluch Sun, 01/10/2010 - 00:16

Hello Reza,

Rick is absolutely correct. My personal experience with 2950 series switches is that if the ip default-gateway is not configured, they will rely on ProxyARP for every IP outside their management VLAN. There are obviously numerous drawbacks to having a switch rely on ProxyARP to communicate with the outside world. Therefore, I believe, configuring the ip default-gateway is the correct thing to do.

Best regards,

Peter

glen.grant Sun, 01/10/2010 - 04:18

As others have said, someone has left proxy arp turned on at the layer 3 routing interface or SVI. This will allow your device to be reached without a default gateway; that said, best practices indicate it should not be on and you should use a default gateway statement on your devices. Reasons why proxy arp should not be used include:

  • It increases the amount of ARP traffic on your segment.

  • Hosts need larger ARP tables in order to handle IP-to-MAC address mappings.

  • Security can be undermined. A machine can claim to be another in order to intercept packets, an act called "spoofing."

  • It does not work for networks that do not use ARP for address resolution.

  • It does not generalize to all network topologies. For example, more than one router that connects two physical networks.
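The two fixes this thread converges on are an ip default-gateway on the Layer 2 switch and no ip proxy-arp on the Layer 3 SVIs. Below is an added example, not from any poster or from Cisco, of a small audit over saved running-configs that flags both: a non-routing switch with no ip default-gateway, and any SVI carrying an IP address where proxy ARP has been left at its IOS default of enabled (IOS only writes "no ip proxy-arp" to the config when it has been turned off). The three configs are constructed for the example; hostnames, addresses and VLAN numbers are assumptions. It also flags ip default-gateway on a device with ip routing enabled, since that command is only honoured while routing is off.

```python
import re

# Constructed running-config of a Layer 2 switch before the fix: a management
# SVI but no ip default-gateway, so it reaches other subnets only via proxy ARP.
L2_SWITCH_BEFORE = """\
hostname SW-2950
!
interface Vlan1
 ip address 192.168.1.50 255.255.255.0
!
end
"""

# Constructed config of the same switch after adding the default gateway.
L2_SWITCH_AFTER = """\
hostname SW-2950
!
ip default-gateway 192.168.1.1
!
interface Vlan1
 ip address 192.168.1.50 255.255.255.0
!
end
"""

# Constructed config of the Layer 3 switch. Vlan20 has proxy ARP disabled;
# Vlan1 was left at the default, which is what this thread is about.
L3_SWITCH = """\
hostname CORE
ip routing
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan20
 ip address 10.20.5.1 255.255.255.0
 no ip proxy-arp
!
end
"""


def parse_ios_config(text):
    """Split an IOS config into top-level commands and per-interface command lists.

    Interface sub-commands are the indented lines following 'interface X';
    a '!' separator or any non-indented line closes the section.
    """
    global_cmds, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None
            continue
        if line.startswith(" "):
            if current is not None:
                interfaces[current].append(line.strip())
            continue
        current = None
        m = re.match(r"^interface\s+(\S+)$", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        else:
            global_cmds.append(line)
    return global_cmds, interfaces


def audit_config(text):
    """Return a list of findings for the default-gateway / proxy-ARP checks."""
    global_cmds, interfaces = parse_ios_config(text)
    findings = []
    routing = "ip routing" in global_cmds
    has_gw = any(c.startswith("ip default-gateway ") for c in global_cmds)

    if not routing and not has_gw:
        findings.append("no ip default-gateway on a non-routing switch; "
                        "off-subnet reachability depends on a proxy-ARP router")
    if routing and has_gw:
        findings.append("ip default-gateway is ignored while ip routing is enabled; "
                        "use ip route 0.0.0.0 0.0.0.0 <next-hop> instead")

    # Proxy ARP is only relevant on interfaces that route, i.e. SVIs with an
    # address on a device that has ip routing on. Default (enabled) leaves no
    # trace in the config, so the check is for the absence of the 'no' form.
    for name, cmds in interfaces.items():
        has_ip = any(c.startswith("ip address ") for c in cmds)
        if routing and has_ip and "no ip proxy-arp" not in cmds:
            findings.append(f"{name}: proxy ARP left at its default (enabled)")
    return findings


if __name__ == "__main__":
    for label, cfg in (("L2 before", L2_SWITCH_BEFORE),
                       ("L2 after", L2_SWITCH_AFTER),
                       ("L3 core", L3_SWITCH)):
        print(label, audit_config(cfg) or ["ok"])
```

On the live boxes the same two checks are "show running-config | include ip default-gateway" on the 2950 and "show ip interface vlan 1 | include Proxy ARP" on the Layer 3 switch, which prints whether proxy ARP is enabled regardless of what the saved config shows.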

mikegrous Sun, 01/10/2010 - 07:55

Very interesting morning reading. It appears that on our vlan1, ip proxy-arp is turned on, as it is a default command.

Good stuff!
