Solved: default-gateway missing but can still ping

tedauction · ‎04-10-2017

Hello, I had a Cisco 2960 (WS-C2960CG-8TC-L, 12.2(55)EX2 ) with no default-gateway configured. Understandably I could not ping out.

The strange thing was that I could ping in from other switches and routers on the network. I put that down to possibly proxy-arp which was enabled on the interfaces.

So, I have added the command 'ip default-gateway 10.50.146.1' (my management IP is 10.50.146.80) however I still cannot ping out unless I use 'ping x.x.x.x source 10.50.148.80'.

Why does my default-gateway command seem to be not working ? The only way I can ping out is by using the Source x.x.x.x command.

I tried to disable proxy-arp but same problem.

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
boot-start-marker
boot-end-marker
!
logging buffered 409600

no aaa new-model
clock timezone NZST 12
clock summer-time NZDT recurring 4 Sun Sep 2:00 1 Sun Apr 3:00
!
!
ip domain-name mediaworks
ip igmp snooping querier max-response-time 25
ip igmp snooping querier timer expiry 205
ip igmp snooping querier
vtp domain mydomain
vtp mode transparent
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
vlan 2-4,6
!
vlan 10
name OFFICE_DATA
!
vlan 20-22,30-31,39
!
vlan 40
name WHET
!
vlan 45-46,66
!
vlan 83
name VF
!
vlan 84,99
!
vlan 110
name OFFICE_VOIP
!
vlan 200
name SWITCH_MGT
!
ip ssh version 2
!
!
interface GigabitEthernet0/1
switchport access vlan 40
switchport mode access
switchport nonegotiate
spanning-tree portfast
!
interface GigabitEthernet0/2
switchport access vlan 40
switchport mode access
switchport nonegotiate
spanning-tree portfast
!
interface GigabitEthernet0/3
switchport access vlan 40
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
!
interface GigabitEthernet0/4
switchport access vlan 40
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
!
interface GigabitEthernet0/5
switchport access vlan 40
switchport mode access
switchport nonegotiate
shutdown
spanning-tree portfast
!
interface GigabitEthernet0/6
switchport access vlan 40
switchport mode access
switchport nonegotiate
spanning-tree portfast
!
interface GigabitEthernet0/7
switchport access vlan 40
switchport mode access
switchport nonegotiate
spanning-tree portfast
!
interface GigabitEthernet0/8
switchport access vlan 40
switchport mode access
switchport nonegotiate
spanning-tree portfast
!
interface GigabitEthernet0/9
description TRUNK1_gi1/0/38
switchport trunk allowed vlan 40,200
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/10
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan40
description MYNET
ip address 10.40.236.70 255.255.255.0
!
interface Vlan200
description SWITCH_MGT
ip address 10.50.146.80 255.255.255.0
!

ip default-gateway 10.50.146.1

!
no ip http server
no ip http secure-server
ip sla enable reaction-alerts
logging trap notifications
logging source-interface Vlan200
logging x.x.x.x
banner login ^C
***********************************************************
UNAUTHORIZED ACCESS TO THIS DEVICE IS STRICTLY PROHIBITED.
You must have explicit permission to access or configure
this device. All activities performed on this device may
be logged, and violations of this policy may result in
disciplinary action and may be reported to law enforcement.
There is no right to privacy on this device.
Attempted access and/or use of this system shall constitute
consent to monitoring.
DISCONNECT IMMEDIATELY IF YOU DO NOT HAVE EXPLICIT
PERMISSION TO ACCESS THIS DEVICE.
***********************************************************
^C
!
line con 0
login local
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
ntp server x.x.x.x
end

Jon Marshall · ‎04-10-2017

As a guess, because if the switch is L2 you should not have multiple SVIs and the switch simply uses the first one.

Only a L3 switch should have multiple SVIs and I don't understand why you have an SVI for vlan 40 because it can't be the detault gateway for any clients.

So shut that SVI down and then it should work as expected.

Jon

View solution in original post

Dennis Mink · ‎04-10-2017

Your default gateway is wrong:

ip default-gateway 10.40.146.1

the 10.40.146.0 is not a subnet that exists on your switch.

if your default gateway exists in VLAN 2, make it for instance 10.40.236.x and try again.

Please rate if useful

Please remember to rate useful posts, by clicking on the stars below.

tedauction · ‎04-10-2017

apologies, my typo error.

The default-gateway is as it should be i.e. 10.50.146.1.

Still I cannot ping out to other subnets unless I use the 'source' command.

Jon Marshall · ‎04-10-2017

You have multiple SVIs on this switch, are they both up ? Is this switch meant to be L2 only or L3 with routing.

If it is meant to be L3 replace default gateway with a default route.

Jon

tedauction · ‎04-10-2017

Hello, yes both SVIs are set up. The switch is layer 2 i.e ip routing is not turned on, nor is there an option to do that.

When I run sh cdp neighbors it shows that another switch in VLAN 40 is the only neighbour.

I just don't understand why VLAN 40 would be chosen as the source IP for any pings to foreign networks when I have an explicit 'ip default-gateway 10.50.146.1' (VLAN 200) command set.

Jon Marshall · ‎04-10-2017

As a guess, because if the switch is L2 you should not have multiple SVIs and the switch simply uses the first one.

Only a L3 switch should have multiple SVIs and I don't understand why you have an SVI for vlan 40 because it can't be the detault gateway for any clients.

So shut that SVI down and then it should work as expected.

Jon