
How can a switch be routed without ip default gateway?

CSCO11584685
Level 1

Yeah, I remember in the old days it was a must to put ip default-gateway in layer 2 switches so we can manage them. But how is it possible that the newer switches can operate, and be managed/pinged, without adding a default-gateway?

I'm really puzzled.


Nagaraja Thanthry
Cisco Employee

Hello,

The IP default gateway configuration was necessary on switches that have a single L3 interface and are acting as hosts from the IP perspective. Some of the newer switches are designed to act as a router as well. If the switch is configured to act as a router, then you do not need the default gateway configuration. However, you do need a default route (static route) for unknown networks. Another way is to propagate the default route through the routing protocol itself. Either way, there will be one or another form of default gateway configuration.

Hope this helps.

Regards,

NT

Here is the configuration of a switch.

    en
    conf t
    int vlan 1
    ip add 10.10.10.1 255.255.255.0
    no sh
    exit
    wr

I attached this switch to a distribution switch that has routing enabled.

Now, in theory, this switch should not be accessible from other networks (other subnets than 10.10.10.0).

My question is, why am I able to access it, although there is no routing protocol enabled and ip routing is not used? It should operate as an L2 device without knowing how to route or send its traffic.

While the response from NT gives the traditional explanation (you need ip default-gateway if operating a layer 2 switch and need a default route (static or dynamically learned) if operating at layer 3) I have discovered that the newer Catalyst switches do not behave in exactly that way. I have had the experience that I believe the original poster is asking about: I have had switches that do not have ip default-gateway and do not have a default route but are still able to access other network resources. I discovered that the explanation is that the switch would ARP for all IP addresses that you attempt to access (both for local subnet addresses (the expected behavior) and for addresses in remote subnets (not the expected behavior)) and if the connected layer 3 device has enabled proxy arp then the layer 2 switch has IP connectivity to the complete network.

HTH

Rick
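
The behaviour described in the answer above, modelled as an added example (not code from the thread or from Cisco). The switch address is the one configured earlier in the thread; the distribution-switch address 10.10.10.254, the 192.168.50.0/24 route, the remote station and all function names are assumptions, and the router-side check is a simplified model of proxy ARP.

```python
import ipaddress

# Constructed addressing: the SVI is the one configured in the thread; the
# distribution-switch address, its route and the remote station are assumptions.
SWITCH_SVI = "10.10.10.1/24"
DIST_SVI = "10.10.10.254/24"
DIST_ROUTES = ["192.168.50.0/24"]
REMOTE_STATION = "192.168.50.20"


def arp_target(iface, dst, default_gateway=None):
    """IP a host-mode switch ARPs for when it originates a packet to dst."""
    net = ipaddress.ip_interface(iface).network
    dst = ipaddress.ip_address(dst)
    if dst in net:
        return dst  # local subnet: ARP for the destination itself
    if default_gateway is not None:
        return ipaddress.ip_address(default_gateway)  # traditional behaviour
    return dst  # no gateway, no route: ARP for the remote address directly


def router_answers(router_iface, routes, proxy_arp, target):
    """Simplified model: does the L3 device reply to an ARP request for target?"""
    iface = ipaddress.ip_interface(router_iface)
    target = ipaddress.ip_address(target)
    if target == iface.ip:
        return True  # ordinary ARP for the router's own address
    if not proxy_arp or target in iface.network:
        return False  # proxy ARP disabled, or target is on the same segment
    return any(target in ipaddress.ip_network(r) for r in routes)


def switch_can_reach(dst, default_gateway, proxy_arp):
    """True if the switch resolves a next-hop MAC for an off-subnet dst."""
    target = arp_target(SWITCH_SVI, dst, default_gateway)
    return router_answers(DIST_SVI, DIST_ROUTES, proxy_arp, target)


if __name__ == "__main__":
    for gw, proxy in [(None, True), (None, False), ("10.10.10.254", False)]:
        ok = switch_can_reach(REMOTE_STATION, gw, proxy)
        print(f"default-gateway={gw} proxy-arp={proxy} -> reachable={ok}")
```

In this model, a switch with no ip default-gateway loses off-subnet management reachability as soon as proxy ARP is turned off on the upstream interface, while a switch with the gateway configured is unaffected.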

Referring to http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml#howdoesproxyarpwork (proxy ARP):

It says that the host (switch) has a /16 while the network actually is a /24, so the host believes that the destination is in the same subnet while it is not, so it sends the ARP. The router will intercept the ARP, say it is the host, and forward the message to it.

The only way we can say this applies to switches in our case (yes, you are talking about what I'm talking about) is that the switch will ARP every IP request it gets, regardless of whether it is in the same subnet or not (which shouldn't happen, ARP only goes to the same subnet). So how can it be!

Ah, OK. I get it. ARP proxy is for the router. Cisco switches are just nuts and will send ARPs to every IP inside or outside their subnet.

Describing WHAT the switch does is fairly straightforward. Describing WHY (or how can it be) is much more subtle and complex (and only people with access to resources within Cisco can know the real answer). But to me it is fairly clear that the traditional approach (depend on ip default-gateway or have a default route) would mean that a switch with neither of these would have no connectivity. And for traditional Catalyst switches I believe that this was the case.

But it seems obvious that Cisco has enhanced the IP stack for the newer Catalyst switches and has included some logic that basically says - if I have no default-gateway and have no default route should I just give up or should I try an alternative that would seem to violate the traditional outlook that you only ARP for local resources. Clearly the behavior is that as a last resort the Catalyst switch does ARP and hopes that the layer 3 device does have proxy arp enabled.

HTH

Rick


Yeah, following on from your logic, I assume that the switch will ARP only for the packets that are from itself. Meaning, the switch shouldn't interfere with other hosts that are ARPing; otherwise, the switch would cause chaos in the network.

Yes. The ARP is only for packets generated by the switch itself. Any frame sent to the switch by a connected device will be forwarded by the switch using its layer 2 forwarding logic and its layer 2 forwarding table (the mac address table) and the switch would not ARP for these.

HTH

Rick
