Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1211
Views
0
Helpful
6
Replies

3750G - core router switching, best practice?

Go to solution
netguyz08
Level 1
Level 1

‎10-19-2010 03:35 PM - edited ‎03-04-2019 10:10 AM

As a best practice recommended by another network engineer to remove the load on our firewall, I took the routes out and put them in our Cisco 3750G which works a core switch for 10 different locations. Here's the routing I put into the switch:

ip default-gateway 192.168.100.1

ip classless

ip route 192.168.101.0 255.255.255.0 192.168.100.1 20

ip route 192.168.102.0 255.255.255.0 192.168.100.10 20

ip route 192.168.103.0 255.255.255.0 192.168.100.10 20

ip route 192.168.104.0 255.255.255.0 192.168.100.10 20

ip route 192.168.105.0 255.255.255.0 192.168.100.10 20

ip route 192.168.106.0 255.255.255.0 192.168.100.10 20

ip route 192.168.107.0 255.255.255.0 192.168.100.10 20

ip route 192.168.108.0 255.255.255.0 192.168.100.10 20

ip route 192.168.109.0 255.255.255.0 192.168.100.1 20

Just double-checking if this is a best practice, and is helpful? Or if there are other configuration issues I should look into, too? Any other settings I should ensure are in the switch so it all works?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
milan.kulik
Level 10
Level 10

‎10-20-2010 02:11 AM

Hi,

IMHO, you should use

ip route 0.0.0.0 0.0.0.0  192.168.100.1

instead of

ip default-gateway 192.168.100.1

See http://www.cisco.com/application/pdf/paws/16448/default.pdf

for details.

HTH,

Milan

View solution in original post

0 Helpful
6 Replies 6

Go to solution
milan.kulik
Level 10
Level 10

‎10-20-2010 02:11 AM

Hi,

IMHO, you should use

ip route 0.0.0.0 0.0.0.0  192.168.100.1

instead of

ip default-gateway 192.168.100.1

See http://www.cisco.com/application/pdf/paws/16448/default.pdf

for details.

HTH,

Milan

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎10-20-2010 03:36 AM 

netguyz08 wrote:
As a best practice recommended by another network engineer to remove the load on our firewall, I took the routes out and put them in our Cisco 3750G which works a core switch for 10 different locations. Here's the routing I put into the switch:
ip default-gateway 192.168.100.1
ip classless
ip route 192.168.101.0 255.255.255.0 192.168.100.1 20
ip route 192.168.102.0 255.255.255.0 192.168.100.10 20
ip route 192.168.103.0 255.255.255.0 192.168.100.10 20
ip route 192.168.104.0 255.255.255.0 192.168.100.10 20
ip route 192.168.105.0 255.255.255.0 192.168.100.10 20
ip route 192.168.106.0 255.255.255.0 192.168.100.10 20
ip route 192.168.107.0 255.255.255.0 192.168.100.10 20
ip route 192.168.108.0 255.255.255.0 192.168.100.10 20
ip route 192.168.109.0 255.255.255.0 192.168.100.1 20
 
 
Just double-checking if this is a best practice, and is helpful? Or if there are other configuration issues I should look into, too? Any other settings I should ensure are in the switch so it all works?

Milan is correct, you need to change the ip default-gateway to ip route 0.0.0.0 0.0.0.0 statement.

However it's not really possible to say whether you need to do anythiing else as we have no idea of your topology. The 3750 is acting as core switch, does that mean you are doing inter-vlan routing on the switch ? If so why did you have a default-gateway in the config ??

The routes you have moved from the firewall, does the firewall still need to know about these routes and if it doesn't why not. Simply moving routes from one device to another doesn't mean it will all necessarily work. For example if you were routing your vlans off the firewall and that is why the routes were on the firewall then you can't just move them to the 3750 without moving all the vlan routing to the 3750.

So perhaps if you could clarify -

1) what are these routes for

2) why did the firewall have them in the first place

3) what is the the 3750 actually doing when you say it is a core switch

Jon

0 Helpful

Go to solution
netguyz08
Level 1
Level 1
In response to Jon Marshall

‎10-20-2010 09:06 AM

Jon,

I implemented the ip route that Milan suggested and took out the default-gateway. Did not restart or see an immediate change in traffic (actually looking into some traffic slowness on the network currently). So to answer your questions:

1) The routes are in the switch because there is an MPLS network and a cable connection as the main internet connection. MPLS was the main internet connection, but ties in 10 other offices. The routes send some of the LANs to the firewall because there are IPSec tunnels now with a couple of offices also on cable instead of MPLS. And the other routes are the other offices still on MPLS and go back out the MPLS router.

2) The firewall with all of the routes in them to begin with, was done by the previous IT person. That person apparently was told that it needed to be done at the firewall (which had the cable connection on it) and redirect the internal IPs for the MPLS network back to the appropriate place. These exact same routes are simply moved so the firewall will be unburden by handling routes.

3) The 3750 switch then sits in the middle of the main corporate office, and now routes traffic as described above. It also handles the Cisco IP phones for the main office, and then that is it from what I have seen in the config.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to netguyz08

‎10-20-2010 09:25 AM 

netguyz08 wrote:
Jon,
I implemented the ip route that Milan suggested and took out the default-gateway. Did not restart or see an immediate change in traffic (actually looking into some traffic slowness on the network currently). So to answer your questions:
1) The routes are in the switch because there is an MPLS network and a cable connection as the main internet connection. MPLS was the main internet connection, but ties in 10 other offices. The routes send some of the LANs to the firewall because there are IPSec tunnels now with a couple of offices also on cable instead of MPLS. And the other routes are the other offices still on MPLS and go back out the MPLS router.
2) The firewall with all of the routes in them to begin with, was done by the previous IT person. That person apparently was told that it needed to be done at the firewall (which had the cable connection on it) and redirect the internal IPs for the MPLS network back to the appropriate place. These exact same routes are simply moved so the firewall will be unburden by handling routes.
3) The 3750 switch then sits in the middle of the main corporate office, and now routes traffic as described above. It also handles the Cisco IP phones for the main office, and then that is it from what I have seen in the config.


Okay, that makes sense then. So does the 3750 actually need a default-route and if so it should probably be the firewall i'm assuming because that would be where internet traffic was sent to ?

Jon

0 Helpful

Go to solution
netguyz08
Level 1
Level 1
In response to Jon Marshall

‎10-20-2010 12:20 PM

Jon,

Yes, the default route is sending data over to the firewall to use the cable connection. The firewall has a one route added besides the defaults (it is Sonicwall) which takes the LAN IPs (192.168.0.0/255.255.0.0) and sends them to the switch, with a metric of 100.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to netguyz08

‎10-20-2010 12:24 PM

Then you should be fine.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card