OK for Default Gateway to be in Different Subnet?

Discussion in 'Cisco' started by bobneworleans, Sep 20, 2005.

  1. I'm helping some folks with their network and I want to make minimal
    changes to it. Their IP address scheme is inconsistent because several
    successive people have made changes. A manageable switch has its
    default gateway set to the inside interface of their router in a
    different subnet.

    I know that the "proper" way to handle this situation is to assign the
    router interface a secondary address in the switch's network and point
    the switch's default route to it. But I wonder if there is any reason
    that things won't work just fine as they are.
     
    bobneworleans, Sep 20, 2005
    #1

  2. Cen Guest

    When the switch wants to reach another IP belonging to a different network,
    it will attempt to forward the packet to its configured default gateway. In
    your case, the default gateway is in a different network - it won't ARP for
    it - there's no way to forward the packet because it doesn't know the MAC
    address of the gateway.

    A solution could be using proxy arp (depending on your current IP addressing
    of course)
    http://www.cisco.com/warp/public/105/5.html
     
    Cen, Sep 20, 2005
    #2

  3. I see I left out an important fact: the switch is on a different
    logical network but the same physical network. When it ARPs for the
    MAC address of the gateway, won't the router see the broadcast and
    reply?
     
    bobneworleans, Sep 20, 2005
    #3
  4. Merv Guest

    If it functions today it is because the router interface is configured
    for proxy-arp (sh ip interface). It is not a particularly good idea
    from a security perspective to have IP proxy-arp enabled.
     
    Merv, Sep 20, 2005
    #4
  5. Cen Guest

    It depends.
    If your switch IP/subnet mask config is such that the router it's trying to
    reach does not belong to its own network, it won't even attempt to send ARP
    requests.
     
    Cen, Sep 20, 2005
    #5
  6. Cen,
    Thanks, I understand. I suppose I could play with the mask, but I
    don't think I'll pursue that path.

    If I recall correctly, there's a way to permanently map a MAC addr to
    an IP address. What's this called? Do most manageable switches have
    this feature?

    BellSouth is the ISP and they own the router at this site. In order to
    add a secondary address to the router's inside interface, I have to
    call them.
     
    bobneworleans, Sep 20, 2005
    #6
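    The on-link test Cen describes, and what each of the fixes raised so far (a static
    ARP mapping, a secondary address on the router's inside interface, widening the
    switch's mask and relying on proxy ARP) does to it, as an added example that is
    not part of the original thread. Addresses, MACs and interface names are
    constructed: the real gateway is munged above as xxx.yyy.95.1, so 203.0.113.1 from
    the documentation range stands in for it, and the proxy-ARP rule is a simplified
    model of IOS behaviour (answer when the target would be routed out a different
    interface), not the switch vendor's implementation.

```python
"""Model of a host's ARP decision for its default gateway and of a router's
ordinary and proxy ARP replies. All addresses/MACs below are constructed."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ROUTER_MAC = "00-11-22-aa-bb-01"   # constructed MAC of the router's inside interface


@dataclass
class Router:
    # ifname -> (mac, [primary and secondary addresses as "ip/mask"])
    interfaces: Dict[str, Tuple[str, List[str]]]
    static_routes: List[Tuple[str, str]] = field(default_factory=list)  # (prefix, egress ifname)
    proxy_arp: bool = False

    def egress_interface(self, target: ipaddress.IPv4Address) -> Optional[str]:
        """Longest-prefix match over connected subnets and static routes."""
        candidates = [(ipaddress.ip_interface(a).network, name)
                      for name, (_, addrs) in self.interfaces.items() for a in addrs]
        candidates += [(ipaddress.ip_network(p), name) for p, name in self.static_routes]
        best = None
        for net, name in candidates:
            if target in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, name)
        return best[1] if best else None

    def answer_arp(self, target_ip: str, arriving_if: str) -> Optional[str]:
        """MAC the router puts in its ARP reply, or None if it stays silent."""
        target = ipaddress.ip_address(target_ip)
        mac, addrs = self.interfaces[arriving_if]
        # Ordinary ARP: the target is one of this interface's own addresses.
        if any(target == ipaddress.ip_interface(a).ip for a in addrs):
            return mac
        # Proxy ARP (simplified IOS rule): answer with our own MAC when the target
        # would be routed out a different interface than the request arrived on.
        if self.proxy_arp:
            egress = self.egress_interface(target)
            if egress is not None and egress != arriving_if:
                return mac
        return None


@dataclass
class Segment:
    """One broadcast domain with a single router attached; ARP broadcasts reach it."""
    router: Router
    router_if: str

    def arp_request(self, target_ip: str) -> Optional[str]:
        return self.router.answer_arp(target_ip, self.router_if)


@dataclass
class Host:
    ip: str
    mask: str
    gateway: str
    static_arp: Dict[str, str] = field(default_factory=dict)   # ip -> mac, pinned entries

    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.ip_network(f"{self.ip}/{self.mask}", strict=False)

    def on_link(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in self.network()

    def resolve(self, ip: str, seg: Segment) -> Optional[str]:
        """Static entry first; otherwise ARP only for addresses believed on-link."""
        if ip in self.static_arp:
            return self.static_arp[ip]
        if not self.on_link(ip):
            return None           # the stack never puts an ARP request on the wire
        return seg.arp_request(ip)

    def first_hop_mac(self, dest_ip: str, seg: Segment) -> Optional[str]:
        """MAC a packet to dest_ip is framed to: the host itself if on-link, else the gateway."""
        hop = dest_ip if self.on_link(dest_ip) else self.gateway
        return self.resolve(hop, seg)


def thread_scenarios() -> Dict[str, Optional[str]]:
    """The thread's switch (192.168.168.89/24, gateway in another subnet) reaching
    a constructed off-site address under each fix discussed."""
    dest = "198.51.100.10"
    wan = ("00-11-22-aa-bb-ff", ["192.0.2.2/30"])
    isp = Router({"inside": (ROUTER_MAC, ["203.0.113.1/24"]), "wan": wan},
                 static_routes=[("0.0.0.0/0", "wan")])
    seg = Segment(isp, "inside")
    out: Dict[str, Optional[str]] = {}
    # Posts #2/#5: gateway off-subnet, so no ARP is sent and nothing can be forwarded.
    out["as_configured"] = Host("192.168.168.89", "255.255.255.0", "203.0.113.1").first_hop_mac(dest, seg)
    # Post #6: a static ARP mapping bypasses the on-link test entirely.
    pinned = Host("192.168.168.89", "255.255.255.0", "203.0.113.1",
                  static_arp={"203.0.113.1": ROUTER_MAC})
    out["static_arp"] = pinned.first_hop_mac(dest, seg)
    # Post #1: the "proper" fix, a secondary address on the router's inside interface.
    isp2 = Router({"inside": (ROUTER_MAC, ["203.0.113.1/24", "192.168.168.1/24"]), "wan": wan},
                  static_routes=[("0.0.0.0/0", "wan")])
    fixed = Host("192.168.168.89", "255.255.255.0", "192.168.168.1")
    out["secondary_address"] = fixed.first_hop_mac(dest, Segment(isp2, "inside"))
    # Post #6's "play with the mask": a 0.0.0.0 mask makes everything look on-link,
    # so the switch ARPs for the destination itself and only proxy ARP (posts #2/#4) answers.
    wide = Host("192.168.168.89", "0.0.0.0", "203.0.113.1")
    out["wide_mask_proxy_off"] = wide.first_hop_mac(dest, seg)
    isp.proxy_arp = True
    out["wide_mask_proxy_on"] = wide.first_hop_mac(dest, seg)
    return out


if __name__ == "__main__":
    for name, mac in thread_scenarios().items():
        print(f"{name:22s} -> {mac or 'no next-hop MAC, packet dropped'}")
```

    The last two scenarios are the reason Merv's security remark matters: once proxy ARP
    is on, the router answers ARP for any address it can route, so a host with a sloppy
    mask silently gets forwarding it was never configured for, and the inside interface's
    MAC ends up standing in for arbitrary remote hosts in every such ARP cache.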
  7. Merv Guest

    Is the managed switch reachable from the router ?

    Is there an ARP entry for the default gateway in the switch's ARP cache?
     
    Merv, Sep 20, 2005
    #7
  8. Merv,
    I can ping the router from the switch but the IP address of the router
    does not appear in the switch's ARP table. How does this work?

    I cannot obtain even the low-level password to log into the router to
    ping the switch. I can try to ping the switch from the outside tonight
    at home.
     
    bobneworleans, Sep 20, 2005
    #8
  9. Merv Guest

    Can you post the switch config ( without passwords of course)?
     
    Merv, Sep 20, 2005
    #9
  10. Merv Guest

    Can you telnet to the switch ?
     
    Merv, Sep 20, 2005
    #10
  11. Merv,
    It's not a Cisco switch so the config is not what we're used to seeing,
    but I've pasted some info below with public address of gateway munged.
    I can telnet to the switch from the inside with no problem. I will try
    from home tonight.

    SS3R24i:4#show switch
    Command: show switch

    Device Type : SS3R24i Fast-Ethernet Switch
    Module Type : SSmx 1-port GBIC Gigabit Ethernet and 1
    Stacking Port
    Unit ID : 1
    MAC Address : 00-02-41-00-62-C0
    IP Address : 192.168.168.89 (Manual)
    VLAN Name : default
    Subnet Mask : 255.255.255.0
    Default Gateway : xxx.yyy.95.1
    Boot PROM Version : Build 2.00.001
    Firmware Version : Build 3.00-B24
    Hardware Version : 2B1
    Device S/N :
    System Name :
    System Location :
    System Contact :
    Spanning Tree : Disabled
    GVRP : Disabled
    IGMP Snooping : Enabled
    RIP : Enabled
    DVMRP : Disabled
    PIM-DM : Disabled
    OSPF : Disabled
    TELNET : Enabled (TCP 23)
    WEB : Enabled (TCP 80)
    RMON : Disabled
     
    bobneworleans, Sep 20, 2005
    #11
  12. I have some new info which somewhat contradicts what I said earlier:
    I can ping the router from my workstation connected to a switch port
    but cannot ping the router when I'm logged into the switch using the
    CLI.

    This makes perfect sense given the ARP issue Cen mentioned. I will
    investigate if I can create static mapped entries.
     
    bobneworleans, Sep 20, 2005
    #12
  13. Merv Guest

    If you can ping the router interface from your PC, then I assume your PC
    has an address in the router's IP subnet.

    That being the case, then why not just change the switch management
    address to also be in the current router IP subnet?
     
    Merv, Sep 20, 2005
    #13
