×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

remote management cannot access from different subnet: L3 switch (2960XR) with ip default-gateway

Answered Question
Oct 3rd, 2014
User Badges:

 

 

 Hi, I was not able to access management port (access port) in 2960XR until I remove "ip routing" from different vlan. (I can access within same subnet)

 I have currently one default route  "ip route 0.0.0.0 0.0.0.0 x.x.x.x" pointing ISP, so every default route points to ISP.  

 I have ip default-gatway for mgmt access from different subnet through management port like below. 

  ip default-gateway 10.254.90.1 

 I am able to ping withing same subnet. i.e I can ping from 10.254.90.100 to 10.254.90.10 (2960XR) on mgmt port, however I am not able to ping from different subnet. 

 When I do debug from 2960XR, I could see that ping was received but, 2960XR does not know what to do until I disable "ip routing" 

 What do I miss? 

Correct Answer by Jody Lemoine about 2 years 10 months ago

Sorry... skimmed the first time and missed the management port complexity.

This gets a bit complicated because the management port and the network interfaces share a routing table but don't allow connections between them.

You're on the right track with "ip route 10.254.30.0 255.255.255.0 FastEthernet0" but this requires that the gateway on the other end supports proxy ARP in order to get things to your final destination. Try changing it to "ip route 10.254.30.0 255.255.255.0 FastEthernet0 10.254.90.1" and see if that gets things where they need to go.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Jody Lemoine Fri, 10/03/2014 - 10:31
User Badges:
  • Gold, 750 points or more
  • Community Spotlight Award,

    Member's Choice, April 2016

The "ip default-gateway" command is only in use when "ip routing" is disabled, which you've already discovered. In order to keep everything functioning when you have IP routing turned on, your "ip route 0.0.0.0 0.0.0.0" statement should point to the same address that your "ip default-gateway" command does.

Kyujin Choi Fri, 10/03/2014 - 13:25
User Badges:

 

 Thanks for your reply, Jody

 Then let me ask a question. I am polling SNMP through management port from 2960XR. SNMP server is located in different subnet. (10.254.90.x <-> 10.254.30.x). so without router, it can't reach. 

 I tried "ip route 10.254.30.x 255.255.255.0 fastethernet 0" to make a static route, but it seems not working. Since this L3 switch is a internet boarder switch, it doesn't have any routing information except default route toward ISP, in other words, I can't make any static route through any interfaces. Like I mentioned before, static route through mgmt port (FastEthernet 0) seems not working properly. 

 

 Do you have any suggestion? thanks. 

 

 

 

 

 

 

Correct Answer
Jody Lemoine Fri, 10/03/2014 - 13:36
User Badges:
  • Gold, 750 points or more
  • Community Spotlight Award,

    Member's Choice, April 2016

Sorry... skimmed the first time and missed the management port complexity.

This gets a bit complicated because the management port and the network interfaces share a routing table but don't allow connections between them.

You're on the right track with "ip route 10.254.30.0 255.255.255.0 FastEthernet0" but this requires that the gateway on the other end supports proxy ARP in order to get things to your final destination. Try changing it to "ip route 10.254.30.0 255.255.255.0 FastEthernet0 10.254.90.1" and see if that gets things where they need to go.

Kyujin Choi Fri, 10/03/2014 - 13:57
User Badges:

 

 Thanks, Jody. it worked. 

 little bit update. I disabled ip proxy-arp from router (L3) to see whether this makes any difference. It was enabled by default. But it did not work. In other words, L3's proxy-arp feature is not a matter, but just like you mentioned. I needed to define final destination next to interface. Thanks. 

Actions

This Discussion