Routing in switch (ip default-gateway command)

sergo777 (Level 1)

Hello,

I have a router 1111 and a Switch 1000; between them is a trunk with 5 VLANs, with the default gateways sitting on the router. Just two VLANs have Internet access (VLAN 10 via VPN to the core router, and VLAN 99 via local NAT).

The switch has the default gateway command in its config (ip default-gateway 10.10.10.1); the switch itself is 10.10.10.2, and I use this IP to access the switch.

I added one more VLAN, 99, and configured a test interface 10.10.99.2 on the switch (10.10.99.1 is the router). This network has NAT and Internet access.

I would like to keep

ip default-gateway 10.10.10.1

but in this case 10.10.99.1 doesn't have Internet access. When I change it to

ip default-gateway 10.10.99.1

everything works, but this config doesn't work for me, because I have to put some ACLs on VLAN 99.

Looks weird to me...

17 Replies

Let me explain the packet path.

He is the admin and uses the router IP (public) to access the SW.
The router now uses NAT, which he made clear before: VLAN 10 doesn't have NAT, VLAN 99 has NAT.
So if he uses VLAN 10, the traffic ends at the router IP;
if he uses VLAN 99, the traffic ends at the SW.

The return traffic will use the GW. Why do we need the GW? Because he accesses from a public IP, and the SW needs the GW to reply.

So the whole issue here is VLAN 99 and VLAN 10, not the GW.
He can use VLAN 99 to access and use the GW to reply,
but again in this case he will use VLAN 99, which needs some ACL for security.

Hello @MHM Cisco World
The OP mentioned changing the DG of the switch, which I have already stated is irrelevant unless

1- remote access to that switch is required (including via NAT)

In either case the NAT policy will be on the NAT rtr, which will already have the L3 addressing (d/g) for all VLANs,

all of which I believe I have explained, so I am not sure what you are on about tbh?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Case 1

Two SVIs in IOU1:
VLAN10 10.0.0.1
VLAN20 20.0.0.1
no ip routing <<- this is an L2 SW
ip default-gateway 10.0.0.10

R1 has two subinterfaces: f0/0.10 10.0.0.10, f0/0.20 20.0.0.10

You can see from R2 we can ping both SVIs in the SW; even though the GW in the SW points toward 10.0.0.10, we can ping 20.0.0.1 in the SW.

Screenshot (72).png

Case 2

Two SVIs in IOU1:
VLAN10 10.0.0.1
VLAN20 20.0.0.1
ip routing <<- this is an L3 SW
ip default-gateway 10.0.0.10

R1 has two subinterfaces: f0/0.10 10.0.0.10, f0/0.20 20.0.0.10

You can see from R2 we can NOT ping any SVI in the SW, since NOW the SW is L3, not L2.

Screenshot (73).png

Case 3

Two SVIs in IOU1:
VLAN10 10.0.0.1
VLAN20 20.0.0.1
no ip routing <<- this is an L2 SW
ip default-gateway 10.0.0.10

R1 has ONLY one subinterface: f0/0.10 10.0.0.10

You can see from R2 we can ping the SVI of VLAN10 but cannot ping VLAN20, even though there is a VLAN20 SVI in IOU1.

Screenshot (74).png

 

What I want to make clear here: if the SW is L2 and you have multiple VLAN SVIs, you need only one GW in the SW, pointing to the next hop of any one SVI.

@sergo777 your issue is not the GW; your issue is the router interface and, I think, NAT.
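The three cases above are easy to reproduce without a lab. The following Python model is an added example written for this page, not code from the thread or from Cisco: it models how an IOS device chooses the next hop for a packet, with `no ip routing` meaning "everything off-subnet goes to `ip default-gateway`" and `ip routing` meaning "ignore the default gateway, consult the routing table". The addresses that the thread does not state are assumptions: /24 masks throughout, a 30.0.0.0/24 link between R1 (f0/1, 30.0.0.1) and R2 (f0/0, 30.0.0.2), and a default route on R2 toward R1. The `build()`, `Device` and `Topology` names are the example's own.

```python
"""Model of IOS next-hop selection: 'ip default-gateway' on an L2 switch
('no ip routing') versus the routing table on an L3 switch ('ip routing').
Added example; addresses marked ASSUMED are not from the forum thread.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Interface, IPv4Network
from typing import Dict, List, Optional, Tuple


@dataclass
class Device:
    name: str
    interfaces: Dict[str, IPv4Interface]           # interface -> address/prefix
    ip_routing: bool = False                        # False models 'no ip routing'
    default_gateway: Optional[IPv4Address] = None   # 'ip default-gateway'
    routes: List[Tuple[IPv4Network, IPv4Address]] = field(default_factory=list)

    def _iface_toward(self, ip: IPv4Address) -> Optional[str]:
        """Interface whose connected subnet contains ip, if any."""
        for name, intf in self.interfaces.items():
            if ip in intf.network:
                return name
        return None

    def egress(self, dst: IPv4Address) -> Optional[Tuple[str, IPv4Address]]:
        """Return (out_interface, next_hop) for dst, or None when it is dropped."""
        connected = self._iface_toward(dst)
        if connected is not None:
            return connected, dst                   # directly connected: ARP for dst
        if not self.ip_routing:
            # L2 mode: the only off-subnet choice is the single default gateway,
            # whatever SVI the original request arrived on.
            if self.default_gateway is None:
                return None
            out = self._iface_toward(self.default_gateway)
            return (out, self.default_gateway) if out else None
        # L3 mode: ip default-gateway is ignored; longest-prefix match on routes.
        best = None
        for net, nh in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        if best is None:
            return None
        out = self._iface_toward(best[1])
        return (out, best[1]) if out else None


class Topology:
    def __init__(self, *devices: Device):
        self.devices = {d.name: d for d in devices}

    def owner(self, ip: IPv4Address) -> Optional[Device]:
        """Device that answers ARP for ip (owns it on some interface)."""
        for dev in self.devices.values():
            if any(intf.ip == ip for intf in dev.interfaces.values()):
                return dev
        return None

    def trace(self, src: str, dst: IPv4Address, max_hops: int = 16) -> Optional[List[str]]:
        """Hop-by-hop path as 'device:interface' from src to dst; None if dropped."""
        dev, path = self.devices[src], []
        for _ in range(max_hops):
            if self.owner(dst) is dev:
                return path                         # delivered
            hop = dev.egress(dst)
            if hop is None:
                return None
            out_if, next_hop = hop
            path.append(f"{dev.name}:{out_if}")
            dev = self.owner(next_hop)
            if dev is None:
                return None                         # nobody on the segment owns the next hop
        return None

    def ping(self, src: str, dst: str):
        """Echo from src's egress interface; success needs request AND reply to arrive."""
        dst_ip = IPv4Address(dst)
        src_dev = self.devices[src]
        first = src_dev.egress(dst_ip)
        if first is None:
            return False, None, None
        src_ip = src_dev.interfaces[first[0]].ip       # IOS sources from the egress interface
        fwd = self.trace(src, dst_ip)
        if fwd is None:
            return False, None, None
        rev = self.trace(self.owner(dst_ip).name, src_ip)
        return rev is not None, fwd, rev


def build(case: int) -> Topology:
    """Cases 1-3 from the thread. ASSUMED: /24 masks, R1-R2 link 30.0.0.0/24, R2 default route."""
    sw = Device("SW", {"Vlan10": IPv4Interface("10.0.0.1/24"),
                       "Vlan20": IPv4Interface("20.0.0.1/24")},
                ip_routing=(case == 2), default_gateway=IPv4Address("10.0.0.10"))
    r1_ifaces = {"f0/0.10": IPv4Interface("10.0.0.10/24"), "f0/1": IPv4Interface("30.0.0.1/24")}
    if case != 3:                                  # case 3: R1 has f0/0.10 only
        r1_ifaces["f0/0.20"] = IPv4Interface("20.0.0.10/24")
    r1 = Device("R1", r1_ifaces, ip_routing=True)
    r2 = Device("R2", {"f0/0": IPv4Interface("30.0.0.2/24")}, ip_routing=True,
                routes=[(IPv4Network("0.0.0.0/0"), IPv4Address("30.0.0.1"))])
    return Topology(sw, r1, r2)


if __name__ == "__main__":
    for case in (1, 2, 3):
        for target in ("10.0.0.1", "20.0.0.1"):
            ok, fwd, rev = build(case).ping("R2", target)
            print(f"case {case} ping {target}: {'OK' if ok else 'FAIL'} fwd={fwd} reply={rev}")
```

The reply path is the security-relevant detail: in case 1 a request that arrives on the VLAN 20 SVI is answered out of the VLAN 10 SVI via the default gateway, so management traffic toward the switch is asymmetric and any ACL meant to protect switch access has to cover the return leg on the gateway's VLAN, which is exactly the situation the original post describes with VLAN 99.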
