01-09-2010 04:24 PM - edited 03-06-2019 09:13 AM
I get the purpose of this command. It's a default gateway so you can access the switch from another subnet. However, I have a 2950 on the network and it's pingable/telnetable from every other subnet, yet it has no ip default gateway configured. It is only a L2 switch. How can this be if it has no default gateway?
01-09-2010 07:44 PM
I have seen a behavior on some switches where they will arp for unknown destination addresses when they do not have a default gateway set, and I believe that the 2950 may be one of those switches. If the switch will arp for the unknown address, and if the connected layer 3 interface supports proxy arp, then the layer 3 gateway will send an arp response (with its own MAC address) to the switch. This allows the switch to access remote addresses without having a gateway configured.
It is best practice to configure a default-gateway on the layer 2 switch. But configuring a default-gateway is not an absolute requirement.
HTH
Rick
01-09-2010 08:42 PM
Hello Rick,
This is very interesting. Is there any document, white paper, config guide that explains this behavior in some Cisco switches?
Searching the config guide for the 2950 switches did not produce much info.
The only thing I was able to find is this:
Step 5: ip default-gateway ip-address
Enter the IP address of the next-hop router interface that is directly connected to the switch where a default gateway is being configured. The default gateway receives IP packets with unresolved destination IP addresses from the switch.
Once the default gateway is configured, the switch has connectivity to the remote networks with which a host needs to communicate.
When your switch is configured to route with IP, it does not need to have a default gateway set.
I think what the red font section is referring to is when IP routing is turned on, but then again a 2950 switch is a layer-2 device only and you can't turn on IP routing anyway.
Thanks,
Reza
01-10-2010 12:16 AM
Hello Reza,
Rick is absolutely correct. My personal experience with 2950 series switches is that if the ip default-gateway is not configured, they will rely on ProxyARP for every IP outside their management VLAN. There are obviously numerous drawbacks to having a switch rely on the ProxyARP to communicate with outside world. Therefore, I believe, configuring the ip default-gateway is the correct thing to do.
Best regards,
Peter
01-10-2010 04:18 AM
As others have said, someone has left proxy arp turned on at the layer 3 routing interface or SVI. This will allow your device to be reached without a default gateway. That said, best practices indicate it should not be on and you should use a default gateway statement on your devices. Reasons why proxy arp should not be used include:
It increases the amount of ARP traffic on your segment.
Hosts need larger ARP tables in order to handle IP-to-MAC address mappings.
Security can be undermined. A machine can claim to be another in order to intercept packets, an act called "spoofing."
It does not work for networks that do not use ARP for address resolution.
It does not generalize to all network topologies. For example, more than one router that connects two physical networks.
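One way to spot the proxy ARP reliance discussed in this thread from the switch's own ARP table, given here as an added example that is not part of any post: off-subnet addresses in the table mean something answered ARP on their behalf, and grouping them by MAC shows whether that responder is a known on-subnet router interface. The `show ip arp` sample, the addresses and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `show ip arp` output from an L2 switch whose
# management SVI is 10.10.1.5/24 and which has no `ip default-gateway`.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.1.5               -   0011.aaaa.0005  ARPA   Vlan1
Internet  10.10.1.1              12   0011.bbbb.0001  ARPA   Vlan1
Internet  10.10.1.20              3   0011.cccc.0020  ARPA   Vlan1
Internet  10.10.20.7              1   0011.bbbb.0001  ARPA   Vlan1
Internet  172.16.4.9              0   0011.bbbb.0001  ARPA   Vlan1
Internet  192.168.50.2            2   0011.dddd.0099  ARPA   Vlan1
"""

def parse_arp(text):
    """Yield (ip, mac) for each complete 'Internet' row of `show ip arp`."""
    for line in text.splitlines():
        f = line.split()
        # Header and 'Incomplete' rows have a different shape and are skipped.
        if len(f) >= 6 and f[0] == "Internet":
            yield ipaddress.ip_address(f[1]), f[3].lower()

def proxy_arp_report(text, mgmt_cidr):
    """Group off-subnet ARP entries by the MAC that answered for them."""
    net = ipaddress.ip_network(mgmt_cidr, strict=False)
    local_macs = {}              # MAC -> first on-subnet IP seen with it
    remote = defaultdict(list)   # MAC -> off-subnet IPs it answered for
    for ip, mac in parse_arp(text):
        if ip in net:
            local_macs.setdefault(mac, ip)
        else:
            remote[mac].append(ip)
    report = []
    for mac, ips in sorted(remote.items()):
        # A responder with no on-subnet address of its own is not a known
        # router interface and deserves a closer look (possible spoofing).
        report.append({"mac": mac, "responder": local_macs.get(mac),
                       "off_subnet": sorted(ips),
                       "known_l3_neighbor": mac in local_macs})
    return report

if __name__ == "__main__":
    for row in proxy_arp_report(SAMPLE_ARP, "10.10.1.5/24"):
        print(row)
```

An empty report after `ip default-gateway` is configured and the ARP cache has aged out indicates the switch no longer depends on proxy ARP.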
01-10-2010 07:55 AM
Very interesting morning reading. It appears on our vlan1 ip proxy arp is turned on, as it is a default command.
Good stuff!