Default gateway on switches

So, when you configure a switch to have a default gateway, what are you actually doing? Don't most switches only do logic based on MAC addressing or is this something that is only applicable on layer3 swithces?

Say that you have a network with one big central switch and smaller edge switches, say a 6500 series main switch and 3560 edge switches. Your router is connected to a port on a gig blade on your core. Would you configure a gateway on the edge, on the core, or both?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

mark076h

the ip configurations for switches is used for administration and IOS commands like poing and trace, also you will be able to ping the switch if you give it an ip address and default gateway, if you dont plan on pinging it or pinging from the switches CLI or use remote administration like the web based GUI or telnet then you would never need to worry about configuring the ip settings on the switch.

EdTheLad

You can configure and ip address and a default gateway on a layer 2 switch for management.This gives you the possibility to telnet to the switch and configure remotely.
On the 2950 only one management ip address is supported.All ports by default are assigned to vlan 1 so if you setup an ip address like.
router(config)#interface vlan 1
ip address 10.0.0.1 255.255.255.0

This gives you the ability to telnet to the router from a device connected to the switch sharing the same ip subnet.If you want to connect to devices on other ip subnets you need to setup the default gateway under the vlan interface.In the example you gave above you would assign a default-gateway to all the switches you want remote access to.

You could create a seperate vlan i.e vlan 3 assign ports to this vlan and give it an ip address and gateway as above.This will allow only devices connected to the ports in vlan 3 remote access.

Rearden

What you guys said makes sense, but all of our switches are assigned IP addresses, and not default gateways as far as I know and we have no trouble pinging them.

all of the ips are 10.x.x.x and we only talk to them from within the same subnet, so i guess no default gateway is needed?

EdTheLad

Rearden wrote:

we only talk to them from within the same subnet, so i guess no default gateway is needed?

Correct!

loboernesto

On the 2950 only one management ip address is supported

does this apply to 2900 switches aswell??
I'm also a bit confused by this... I can assign more than 1 ip address to my 2900 switch. It goes as a subinterface though:

Switch2900(config)#int vlan 1
Switch2900(config-if)#ip address 10.0.0.1 255.255.255.0
Switch2900(config-if)#int vlan2
Switch2900(config-subif)#ip address 10.0.1.1 255.255.255.0
Switch2900(config-subif)#end
Switch2900#show ip int brief

00:11:36: %SYS-5-CONFIG_I: Configured from console by console
Interface IP-Address OK? Method Status Prot
ocol
VLAN1 10.0.0.1 YES manual up up

VLAN2 10.0.1.1 YES manual administratively down down

FastEthernet0/1 unassigned YES unset down dow

But I'm not sure about the use of this subinterface...why is it an subinterface and not an interface?? Which port do a use to ping this subinterface?.
Can anyone explain me this please? thanks

malcybood

ed_the_lad wrote:

Rearden wrote:

we only talk to them from within the same subnet, so i guess no default gateway is needed?

Correct!

My theory was.........

We do not always talk to switches from the same subnet. No default gateway is needed if you only have one subnet to deal with then you could telnet to and manage the switch without coming in through a default gateway from any workstation on that subnet, yeh sure.

However if you wanted to configure the switch from a different subnet over a WAN you would.

If you were on the 10.20.12.x subnet in head office and want to configure a switch in a remote office on 10.44.2.x subnet the switch would need an ip address, S/M and default gateway.

The remote switches default gateway would be set as the remote site's router address

remoteswitch config settings on VLAN1

IP - 10.44.2.2
S/M - 255.255.255.0
Dafault Gateway - 10.44.2.1 (Local router)

Is this not correct? If not why not?

loboernesto

You are right, the switch that you will ping needs a default gateway if it's on a different broadcast domain in which case the switch's default- gateway would be the router's interface on the switch broadcast domain.
I think that what Rearden was talking about :

all of our switches are assigned IP addresses, and not default gateways as far as I know and we have no trouble pinging them.

I think that the network his talking about is network with only one broadcast domain and a router that connects to the internet (in the most simple of the cases). So unless you want to manage those switches remotely (accessing the router via internet in this case) you don't need default gateway.

Am i right rearden??

But anyway, what you said malcybood is right to me.

cheers

Rearden

It's a college campus with a few hundred switches. The campus has a full class B block of addresses. Until a few months ago, these switches had IPs in our public address space. We then moved them to their own private subnet, and placed a few servers in that subnet as well. So, there are 3 or four machines that exist on both our public range and the private subnet for managing the switches. This way, someone needs an account on one of these servers to even try to access these switches.

keenon

well at least you have an understanding.. i once was told that a switch with an ip address is L3

i quickly booted him from my work site