Solved: remote management cannot access from different subnet: L3 switch (2960XR) with ip default-gateway

Kyujin Choi · ‎10-03-2014

Hi, I was not able to access management port (access port) in 2960XR until I remove "ip routing" from different vlan. (I can access within same subnet)

I have currently one default route "ip route 0.0.0.0 0.0.0.0 x.x.x.x" pointing ISP, so every default route points to ISP.

I have ip default-gatway for mgmt access from different subnet through management port like below.

ip default-gateway 10.254.90.1

I am able to ping withing same subnet. i.e I can ping from 10.254.90.100 to 10.254.90.10 (2960XR) on mgmt port, however I am not able to ping from different subnet.

When I do debug from 2960XR, I could see that ping was received but, 2960XR does not know what to do until I disable "ip routing"

What do I miss?

ghostinthenet · ‎10-03-2014

Sorry... skimmed the first time and missed the management port complexity.

This gets a bit complicated because the management port and the network interfaces share a routing table but don't allow connections between them.

You're on the right track with "ip route 10.254.30.0 255.255.255.0 FastEthernet0" but this requires that the gateway on the other end supports proxy ARP in order to get things to your final destination. Try changing it to "ip route 10.254.30.0 255.255.255.0 FastEthernet0 10.254.90.1" and see if that gets things where they need to go.

View solution in original post

ghostinthenet · ‎10-03-2014

The "ip default-gateway" command is only in use when "ip routing" is disabled, which you've already discovered. In order to keep everything functioning when you have IP routing turned on, your "ip route 0.0.0.0 0.0.0.0" statement should point to the same address that your "ip default-gateway" command does.

Kyujin Choi · ‎10-03-2014

Thanks for your reply, Jody

Then let me ask a question. I am polling SNMP through management port from 2960XR. SNMP server is located in different subnet. (10.254.90.x <-> 10.254.30.x). so without router, it can't reach.

I tried "ip route 10.254.30.x 255.255.255.0 fastethernet 0" to make a static route, but it seems not working. Since this L3 switch is a internet boarder switch, it doesn't have any routing information except default route toward ISP, in other words, I can't make any static route through any interfaces. Like I mentioned before, static route through mgmt port (FastEthernet 0) seems not working properly.

Do you have any suggestion? thanks.

ghostinthenet · ‎10-03-2014

Sorry... skimmed the first time and missed the management port complexity.

This gets a bit complicated because the management port and the network interfaces share a routing table but don't allow connections between them.

You're on the right track with "ip route 10.254.30.0 255.255.255.0 FastEthernet0" but this requires that the gateway on the other end supports proxy ARP in order to get things to your final destination. Try changing it to "ip route 10.254.30.0 255.255.255.0 FastEthernet0 10.254.90.1" and see if that gets things where they need to go.

Kyujin Choi · ‎10-03-2014

Thanks, Jody. it worked.

little bit update. I disabled ip proxy-arp from router (L3) to see whether this makes any difference. It was enabled by default. But it did not work. In other words, L3's proxy-arp feature is not a matter, but just like you mentioned. I needed to define final destination next to interface. Thanks.