New Member

What exactly does the "ip default-gateway x.x.x.x" command do on a switch?

Guys, curious question... I have a 6509 (core sw) and 4 3560 switches connected to this 6509. Each of these 4 switches has its management IP configured.

The management IP addresses of the switches sit on subnet 10.10.5.0/24

From one of these switches, I start pinging hosts which reside in other VLANs (for example, 10.10.20.3) and the switch will not know how to get (ping) to the host if it wasn't for the “ip default-gateway 10.10.5.1” command configured on the switch. Is this a correct assumption? Can you please correct me if I am wrong here?

Exactly what does this “ip default-gateway x.x.x.x” command do when configured on a switch?

Hall of Fame Super Blue

Re: What exactly does the "ip default-gateway x.x.x.x" command d

Angel

The "ip default-gateway x.x.x.x" command serves the same purpose as the default-gateway on a server or client pc. It basically tells the switch that to get to any remote network it should send the packet to its default-gateway.

If the switch didn't have a default-gateway then you would only be able to ping other machines on the same subnet.

Note that if you have a L3 switch which you want to route then you don't give it a default-gateway, you give it a default route.

Jon
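
The forwarding decision described in the reply above, as an added example that is not part of the original thread: it reads a constructed config excerpt (addresses taken from the thread), decides where the switch's own traffic goes, and checks a traceroute's first hop against that. It assumes a single management SVI; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed running-config excerpt; the addresses follow the thread's example.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 10.10.5.21 255.255.255.0
!
ip default-gateway 10.10.5.1
"""


def parse_mgmt(config):
    """Return (management interface, default gateway or None, ip routing enabled)."""
    addr = re.search(r"^\s*ip address (\S+) (\S+)\s*$", config, re.M)
    if addr is None:
        raise ValueError("no 'ip address' line found")
    iface = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
    gw = re.search(r"^ip default-gateway (\S+)\s*$", config, re.M)
    routing = re.search(r"^ip routing\s*$", config, re.M) is not None
    return iface, (ipaddress.ip_address(gw.group(1)) if gw else None), routing


def next_hop(config, dest):
    """Decide where the switch's own traffic to dest goes: (decision, next-hop IP)."""
    iface, gw, routing = parse_mgmt(config)
    dest = ipaddress.ip_address(dest)
    if dest in iface.network:
        return ("direct", str(dest))          # same subnet: ARP for the host itself
    if routing:
        return ("routing-table", None)        # ip default-gateway is unused with ip routing
    if gw is None:
        return ("unreachable", None)          # no gateway: only the local subnet answers
    if gw not in iface.network:
        return ("gateway-not-on-link", str(gw))  # misconfiguration: gateway must be on-link
    return ("gateway", str(gw))


def first_hop_ok(config, dest, observed_first_hop):
    """True when a traceroute's first hop equals the expected next hop."""
    decision, hop = next_hop(config, dest)
    return decision == "gateway" and hop == observed_first_hop
```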

New Member

Re: What exactly does the "ip default-gateway x.x.x.x" command d

Great. Now, if I uplink another 3560 (let's call this sw2) to one of the current 3560s that are currently connected to the 6509, in theory I should not have any problems placing hosts into one of this sw2 ports right?

For example, there should not be any problems if I need to put a PC into port gig0/43 of sw2 and place this port into VLAN 40 (switchport access vlan 40)… right? In theory, this PC should be able to ping other PCs which reside on the same VLAN40 but are physically connected to the other 3560s which are directly connected to the 6509…. Right?

I am getting to a point here but before I do, I need to be sure I understand the process 100%.

Let me know

Hall of Fame Super Blue

Re: What exactly does the "ip default-gateway x.x.x.x" command d

"Now, if I uplink another 3560 (let's call this sw2) to one of the current 3560s that are currently connected to the 6509, in theory I should not have any problems placing hosts into one of this sw2 ports right?"

This should be fine as long as vlan 40 exists on the new switch and it is allowed across the link between the new 3560 and the existing 3560 whether that link is an access port in vlan 40 or a L2 trunk.

Note that this has nothing to do with the "ip default-gateway ..." on the switch. That is purely for the switch to communicate with devices outside its subnet but it is not used for user traffic. If you removed the "ip default-gateway x.x.x.x" from the switch a pc connected to your new 3560 in vlan 40 should still be able to communicate with other devices on vlan 40 and outside vlan 40 as long as there is a L3 SVI for vlan 40 on the 6500.

The reason you need a default-gateway on the switch is so you can access it from a remote subnet for management.

Jon

New Member

Re: What exactly does the "ip default-gateway x.x.x.x" command d

It looks like the link between the new 3560 and the existing 3560 is a L2 trunk. I checked the port settings on sw2 (the new 3560) and there is only one statement (end). So I then checked the trunk status on sw2 (“sh int trunk”) and indeed port 0/51 on sw2 is in “trunking” status and VLAN 40 is one of the many “Vlans allowed and active in management domain”

Now, I follow you very clearly. But here is a bit of unexpected behavior on my part, which could be “expected”, but I don't know, so this is why I need the confirmation from the big cats…. I have this sw2 configured with a management IP address of 10.10.5.21. I have confirmed what you just mentioned about the “ip default-gateway x.x.x.x” because I've configured one and then taken it out and I still have connectivity from the sw2 to other hosts on the same subnet (10.10.5.0).

But when I have “ip default-gateway 10.10.5.1” configured on sw2, and I ping the outside, I can get out successfully but when I do a “trace 4.2.2.2” from sw2, the first hop I hit is 10.10.6.1 and then the 2nd and then the rest of them until hop 30 are plain asterisks. Shouldn't the 10.10.5.1 address appear as the first hop out to the internet as this is the IP address on the VLAN 1 interface on the 6509?

Hall of Fame Super Blue

Re: What exactly does the "ip default-gateway x.x.x.x" command d

What is 10.10.6.1 ?

You are correct in what you say that the first hop reported should be 10.10.5.1 based on the topology described.

Jon

New Member

Re: What exactly does the "ip default-gateway x.x.x.x" command d

It is the IP address of one of the VLAN interfaces configured on the 6509:

interface Vlan6
 description PBX
 ip address 10.10.6.2 255.255.255.0
 no ip redirects
 standby 6 ip 10.10.6.1
 standby 6 timers 3 5
 standby 6 priority 110
 standby 6 preempt

New Member

Re: What exactly does the "ip default-gateway x.x.x.x" command d

Would you know why I was getting the wrong IP as the first hop whenever I was doing traces?

Hall of Fame Super Blue

Re: What exactly does the "ip default-gateway x.x.x.x" command d

It's not obvious. Can you post the following outputs

on your new switch

1) sh ip route

2) sh run

3) sh int trunk

on the 3560 switch that is between your new switch and the 6500

same as above

On the 6500

sh ip int brief

Jon

New Member

Re: What exactly does the "ip default-gateway x.x.x.x" command d

#sh ip route
Default gateway is 10.10.5.1

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

#sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/51      auto         n-802.1q       trunking      1

Port        Vlans allowed on trunk
Gi0/51      1-4094

Port        Vlans allowed and active in management domain
Gi0/51      1,5-7,10-11,30,70,80,99-100,110-111,190,200,203,205,213,252-253,972,998-999

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/51      1,5-7,10-11,30,70,80,99-100,110-111,190,200,203,205,213,252-253,972,998-999

I have attached the running config of the new 3560. I do not have access to the old 3560 nor to the 6509, but I do have their current running configs printed out.

There is no "ip routing" enabled on the old 3560

Hall of Fame Super Blue

Re: What exactly does the "ip default-gateway x.x.x.x" command d

Angel

There is more than one vlan L3 interface on this switch, which doesn't really make sense because the switch is not in routing mode. So none of the L3 vlan interfaces are in use other than vlan 1.

Do you know why there are so many other vlan interfaces ie.

vlan 6,10,20,30,99 & 100

Also you have this in your config -

interface GigabitEthernet0/49
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 5,6,10
 switchport mode trunk
 switchport nonegotiate

What is on the other end of this trunk link?

If this switch is meant to be a purely L2 switch then it is not configured as I would expect.

Jon

New Member

Re: What exactly does the "ip default-gateway x.x.x.x" command d

Jon, thank you very much for all the help, as always, you are from another world!!

Just disregard the 0/49 port. It is not connected to anything (int shows as down).

For the first question, those are good questions because although I have not enabled ip routing, I will eventually do so and those vlan L3 interfaces will be the "default gateways" for the hosts on those VLANs. By having them in there in this still pure L2 switch, will it do any harm to the network?

See, right now the 6509 is the core switch and all L3 interfaces are configured in there. The hosts on those VLANs (vlan 6, 10, 20, etc) are currently working properly and with no problem. All those L3 interfaces IP addresses end with a .1 so the "L3" vlan interfaces I have configured on the still pure L2 switch (new 3560) have IP addresses that end with .254. I've done this so there will be no conflict.

The reasoning behind all this is that the current infrastructure, as you might have figured it out already:

internet router <--- 6509(core) <--- 8 3560s

will be taken down and replaced by

internet router <--- 1 3560(core) <--- 1 3560

So, this is why there is a new 3560 trunked to one of the 8 old 3560s to start the transition. During the transition period the old infrastructure and the new one will be up and running simultaneously until all devices are finally moved to the new network.

There is a new internet connection with an 1841 as the internet router which will be part of the new network. This is already connected to a 3560 and this is the 3560 which I am referring to. We're calling this sw2

This sw2 is trunked to one of those 8 3560s currently on the old network. So this is the reason why the L3 interfaces are setup on sw2, although this sw2 has not yet been enabled as a L3 switch.

New Member

Re: What exactly does the "ip default-gateway x.x.x.x" command d

Also, please note that this is a bit messy as I just inherited this case hours ago. The customer claims that all his IP phones went down a few days ago when the old IT guys were trying to "bridge" these 2 networks.

Out of all multiple VLANs currently in place in the old network, they will only be staying with 4 and these 4 VLANs will obviously be residing on the new network and all those hosts will be moved there. The reason for the "bridge" is because there are servers on the new network that need LOTs of data from old legacy equipment. There will be a time where I think those new servers will be residing on the new network, with their new default gateways pointing to the new internet connections and at the same time those new servers will still need access to the old hosts which will be sitting at the old network.

So I am trying to find out how to best approach this without conflicting anything. I guess one of my main questions was the question of having 2 L3 switches operating at the same time on the same network? Will the hosts that will still be sitting at the old network be smart enough (their default gateways pointing to the L3 interface on the 6509) to ping anything on their subnet including hosts which will be physically connected to the new network (and their default gateway pointing to the L3 interfaces of the 3560)? I want to think that in theory yes because it is traffic within the same subnet, right?

Hall of Fame Super Blue

Re: What exactly does the "ip default-gateway x.x.x.x" command d

Angel

Apologies for the delay in replying, happy new year to you !

One possible solution is instead of trying to bridge you could run HSRP between the 6509 and the 3560 switch for the L3 vlan interfaces although you would probably want to connect your new 3560 (sw2) directly into the 6500.

If you connected these up with a L2 trunk you could then run HSRP between the 6509 and the new 3560. When you have finally migrated off the 6500 totally you just shutdown the L3 vlan interfaces on the 6500 and the 3560 ones become active.

If you want to avoid having to set up new default-gateways on all your servers you could readdress the 6500 L3 vlan interface addresses and use .1 as the HSRP VIP. Then when you shut the 6500 interfaces down .1 will move across to the 3560.

Any thoughts?

Jon

Hall of Fame Super Blue

Re: What exactly does the "ip default-gateway x.x.x.x" command d

One other question I forgot to ask. Any reason why you are removing a 6500 from the core to replace with a 3560? - just interested.

Jon

New Member

Re: What exactly does the "ip default-gateway x.x.x.x" command d

Not a single clue. There's an "it person" on-site who's calling the shots. He got these people to do their network migration but all was a disaster. So I got called and all I know is that he wants to move from that big network to end up with only an 1841, and 2 3560s.

Any clues on my earlier questions?

Hall of Fame Super Blue

Re: What exactly does the "ip default-gateway x.x.x.x" command d

Still not sure about next-hop and what is going on there.

Did you see the other response I posted today about using HSRP between the 6500 and the new 3560?

As for having all the L3 vlan interfaces on the new 3560 but still have ip default-gateway, that should be fine. The switch will ignore the vlan interfaces until you enable "ip routing".

Jon

New Member

Re: What exactly does the "ip default-gateway x.x.x.x" command d

Hi Jon, happy new year!

I skipped your earlier response about the HSRP. I think this might not work because during the transition period of this migration, there will be hosts on both networks (and yes the hosts have different default gateways) that will need to be communicating to the outside. So in other words, during this "bridge", hosts connected to the new switch will have a default gateway IP address of that of the 1841 and the hosts still connected to the old network will have their default gateway IP of that of the L3 interfaces configured on the 6509. Also because we are in the "transition" period, although the hosts will have different gateways, they should still be able to communicate with each other as there is no need for a default gateway (routing) if traffic is contained within the same subnet.

And this I will need you to confirm.... meaning, once I have the 3560 enabled with IP routing, and the hosts connected to this switch have their default gateway IPs pointing to the L3 interfaces configured on this 3560 (the L3 VLAN interfaces with IPs ending in .254), will these hosts still be able to properly communicate with hosts which will still be connected to the switches connected to the 6509?

Hall of Fame Super Blue

Re: What exactly does the "ip default-gateway x.x.x.x" command d

Angel

"And this I will need you to confirm.... meaning, once I have the 3560 enabled with IP routing, and the hosts connected to this switch have their default gateway IPs pointing to the L3 interfaces configured on this 3560 (the L3 VLAN interfaces with IPs ending in .254), will these hosts still be able to properly communicate with hosts which will still be connected to the switches connected to the 6509?"

Yes as long as the 3560 is connected via L2 to the 6500 which you say it is ie.

6500 -> L2 trunk -> old 3560 -> L2 trunk -> new 3560

but the fact that they are connected via L2 is why HSRP might be the best approach.

You've confused me though - "hosts connected to the new switch will have a default gateway IP address of that of the 1841"

I thought the host would have default-gateways set on the new 3560. Just so my understanding is clear

You have

internet router -> 6500 -> 3560(s)

you will be having

internet router -> 3560(1) -> 3560(s)

Is 3560(1) the new sw2 with the L3 SVIs? And during transition you will have

internet router -> 6500 -> 3560 -> 3560(1) ?

Where I am confused is this statement -

"there will be hosts on both networks (and yes the hosts have different default gateways) that will need to be communicating to the outside."

My point was if the 6500 and new sw2 are connected at L2 then they don't need to have different default-gateways ie. just use HSRP and use the virtual address.

Perhaps there is something in your topology I'm not understanding?

Jon

New Member

Re: What exactly does the "ip default-gateway x.x.x.x" command d

""You've confused me though - "hosts connected to the new switch will have a default gateway IP address of that of the 1841"""

You're right. I meant to say 'hosts connected to the new switch will have a default gateway IP address of that of the L3 VLAN interface which will be configured on this new switch (the ones ending with .254)'

"I thought the host would have default-gateways set on the new 3560. Just so my understanding is clear"

Once again, you are right. The hosts will have default gateways set on the new 3560.

"Where I am confused is this statement -

"there will be hosts on both networks (and yes the hosts have different default gateways) that will need to be communicating to the outside."

My point was if the 6500 and new sw2 are connected at L2 then they don't need to have different default-gateways ie. just use HSRP and use the virtual address.

Perhaps there is something in your topology I'm not understanding?"

Yes, I have to admit, this whole thing is a bit messy. The 2 networks are completely different and both have their own internet connection.

Actually, and with your help, I presented my game plan to the guy but told him that if I had to choose, I would have never gotten this far to give him what he needs. To this comment, he stated that he was following the advice he had been given by the old IT. Basically what he has is the network that I told you: the one with a perimeter router, the 6509, and 8 3560s. In this network, he has like 50 VLANs. His company is down-sizing big time and he called in for help. Out of those VLANs he will only need like 5 of them on the new network. So I advised him to do the following based on what he will have after the cut (one 1841 and 2 3560s): The 1841 will replicate the duty of that of his current perimeter router. Then one of the 2 3560s will act as his old 6509 (core switch) and the second 3560 will just be connected to this "core" switch so his network can have more available ports. This way, the network will be configured exactly as that of his current network, and once he is ready to cut over, all he has to do is physically move his devices into the new switches. Thus, it will be a plug-and-play.

This is exactly what he was looking for, so we are now going this route.

New Member

Re: What exactly does the "ip default-gateway x.x.x.x" command d

Jon, by the way, thank you again for the lecture. Through the process, you answered all the questions I had, especially the original ones on the "default-gateway" command on the switches. All my respects go to you and everyone else on cisco forums.

Going back to the thread, I have never used HSRP for a scenario like the one I have right now. I have used HSRP just for router redundancy but that is about it.
