Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
829
Views
4
Helpful
7
Replies

2960 switch does not need ip default-gw command

Go to solution
dragonhunt9111
Level 1
Level 1

‎10-26-2023 03:16 AM

Hello friends.

I have a 2960 switch, running OS 15, image LanLite as below

dragonhunt9111_0-1698314474554.png

From my PC (in different subnet with IP MGMT of switch) , I can ssh to switch normarlly.

But when I show running config of switch, the straight thing is thạt : it does not have ip default-gateway command, It only have IP MGMT:

dragonhunt9111_2-1698314813692.png

 

I dont why know when I traceroute to my PC, it still route to gateway normally

traceroute 10.128.40.100 (IP of my PC)
Type escape sequence to abort.
Tracing the route to 10.128.40.100
VRF info: (vrf in name/id, vrf out name/id)
1 10.128.60.1
2 10.128.40.100

I think this image of switch, it default route packet to int vlan mgmt above

Please help to explain.

Thank you!!

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Joseph W. Doherty

‎10-26-2023 06:33 AM

Ah, I may have figured out why traceroute show the results it did.

What was unclear (to me) was why traceroute would show "normal" gateway path when, if proxy ARP is working, your switch would believe your PC is on the connected L2 domain.  (Personal) duh, traceroute shows L3 hops based on what it finds, not what sending host "believes".  I.e., switch ARP table should show your PC's IP with gateway MAC, but traceroute shows each L3's hop IP.

View solution in original post

7 Replies 7

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎10-26-2023 04:12 AM

What comes to mind, w/o defined gateway, switch ARPs for non-connected network and gateway responds (assuming gateway supports proxy ARP).

The forgoing would explain 2 way communication between switch and PC on different networks.  Unsure it explains your traceroute results.

What does switch's ARP table show?

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Joseph W. Doherty

‎10-26-2023 06:33 AM

Ah, I may have figured out why traceroute show the results it did.

What was unclear (to me) was why traceroute would show "normal" gateway path when, if proxy ARP is working, your switch would believe your PC is on the connected L2 domain.  (Personal) duh, traceroute shows L3 hops based on what it finds, not what sending host "believes".  I.e., switch ARP table should show your PC's IP with gateway MAC, but traceroute shows each L3's hop IP.

Go to solution
Torbjørn
Spotlight
Spotlight

‎10-26-2023 04:17 AM - edited ‎10-26-2023 04:26 AM

Could the device in-between you and your switch be NATing your SSH traffic?

Assuming there isn't much traffic going to/from the switch you can verify what ip addresses the switch observes with debug ip packet.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
0 Helpful

Go to solution
Martin L
VIP
VIP

‎10-26-2023 04:24 AM

Yes, it seems that nearby router could have static ARP entry set up for switch ... perhaps ... or it has other then /24 mask for 10.128.x.x network or perhaps it is Proxy ARP fault as mentioned by JW.

Regards, ML
**Please Rate All Helpful Responses **

Go to solution
M02@rt37
VIP
VIP

‎10-26-2023 04:45 AM

Hello @dragonhunt9111,

Agree with @Joseph W. Doherty, without a defined gateway, a Cisco switch will ARP for devices outside its directly connected network, and the default gateway (if it supports proxy ARP) will respond, enabling two-way communication between the switch and devices on different networks. This behavior is known as proxy ARP, and it's commonly used to facilitate communication between devices in different subnets.

Regarding the traceroute results and the switch's ARP table, if the switch is configured with an IP address on its management VLAN and is properly communicating with devices in that VLAN, it would indeed ARP for devices outside of its management VLAN. In this case, it would ARP for your PC's IP address (10.128.40.100), and the default gateway (if configured for proxy ARP) would respond.

You can check the switch's ARP table to confirm this: #show arp

You can look for the entry for your PC's IP address (10.128.40.100) and the MAC address of the gateway or router handling traffic between the VLANs.

 

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Go to solution
dragonhunt9111
Level 1
Level 1

‎10-26-2023 07:05 PM

Thank all friends,

I have check show arp on my switch; and it shows lot IP (in different subnets) in this table. And my co-worker said that gateway is configured with arp proxy.

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to dragonhunt9111

‎10-26-2023 07:37 PM

Thanks for providing confirmation.

BTW, although proxy ARP works, it's usually more efficient to define the gateway's IP.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card