Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
853
Views
0
Helpful
7
Replies

basic route query

Go to solution
raza555
Level 3
Level 3

‎10-30-2012 10:03 AM - edited ‎03-07-2019 09:46 AM

Hi,

We have a server with data ip address 10. 1.1.1 & Mgmt IP- 10.2.1.1 that server is connected to Switch & this Switch had default gateway 10.2.1.2(firewall mgmt ip).

On server static route is configured to send traffic to firewall data interface.

Problem:when I look in firewall logs, I can see traffic from server mgmt ip- 10.2.1.1, but no traffic hit the firewall from server data ip- 10.1.1.1. Is it because Switch should have static route to hit firewall data interface, as using its DG, it just send traffic to firewall mgmt interface?

OR do u think that using DG on switch should be enough, we should investigate possible problem on server data interface.

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Collin Clark
VIP Alumni
VIP Alumni
In response to raza555

‎10-30-2012 02:12 PM

What I would do is create a trunk from the switch to the firewall. In the firewall I would create 2 interfaces; inside and mgt. On the switch create 2 VLANS, one for mgt and one for inside. The firewall will be the default gateway for both VLAN's and you can route between the two (and secure) them as necessary. The switch IP would be in the mgt vlan and the servers in the inside vlan.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎10-30-2012 11:43 AM

This issue is actually caused by Windows.

If you have multiple interfaces and you configure a default gateway for each interface, TCP/IP by default automatically calculates an interface metric that is based on the speed of the interface. The interface metric becomes the metric of the default route in the routing table for the configured default gateway. The interface with the highest speed has the lowest metric for its default route. The result is that whenever multiple default gateways are configured on multiple interfaces, the fastest interface will be used to forward traffic to its default gateway.

If multiple interfaces of the same speed have the same lowest interface metric, then, based upon the binding order, the default gateway of the first network adapter is used. The default gateway for the second network adapter is used when the first is unavailable.

In previous versions of TCP/IP, multiple default gateways all had a default route metric set to 1, and the default gateway used depended on the order of the interfaces. This sometimes caused difficulty in determining which default gateway the TCP/IP protocol was using.

The automatic determination of the interface metric is enabled by default through the Automatic metric check box on the IP Settings tab on the advanced properties of the Internet Protocol (TCP/IP) protocol.

You can disable the automatic determination of the interface metric and type a new value for the interface metric.

http://technet.microsoft.com/en-us/library/cc779696(v=ws.10).aspx

0 Helpful

Go to solution
raza555
Level 3
Level 3

‎10-30-2012 12:42 PM

Thank you for very detailed response, apart from this windows issue, do u think that will also part if this problem;

Is it because Switch should have static route to hit firewall data interface, as using its DG, it just send traffic to firewall mgmt interface?

OR do u think that using DG on switch should be enough, we should investigate possible problem on server data interface.

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
Collin Clark
VIP Alumni
VIP Alumni
In response to raza555

‎10-30-2012 12:45 PM

Is your switch layer 2 or layer 3?

0 Helpful

Go to solution
raza555
Level 3
Level 3
In response to Collin Clark

‎10-30-2012 01:29 PM

Its a L2 switch

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
Collin Clark
VIP Alumni
VIP Alumni
In response to raza555

‎10-30-2012 01:31 PM

The default gateway in the switch config is only for switch management traffic. It has nothing to do with user traffic (traffic thru the switch).

0 Helpful

Go to solution
raza555
Level 3
Level 3
In response to Collin Clark

‎10-30-2012 01:50 PM

Thanks again, last query to clear my mind.

If server data traffic, which has static route to firewall data interface, but this server had only connection firewall via this L2 switch, & this switch DG is firewall mgmt address, then i think server data traffic will only hit firewall mgmt interface & dropped by anti spoofing in firewall.

Do u think that solution should be to put L3 switch between server & firewall & then configure 2 static route on L3 switch so that server data-subnet goto firewall data interface & server-mgmt subnet goto firewall mgmt interface.

Thanks
Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
Collin Clark
VIP Alumni
VIP Alumni
In response to raza555

‎10-30-2012 02:12 PM

What I would do is create a trunk from the switch to the firewall. In the firewall I would create 2 interfaces; inside and mgt. On the switch create 2 VLANS, one for mgt and one for inside. The firewall will be the default gateway for both VLAN's and you can route between the two (and secure) them as necessary. The switch IP would be in the mgt vlan and the servers in the inside vlan.

0 Helpful
Customers Also Viewed These Support Documents