Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2387
Views
5
Helpful
2
Replies

how can i access to a layer 2 switch without ip default-gateway?

Go to solution
Majid Jalinousi
Level 1
Level 1

‎07-11-2015 10:39 PM - edited ‎03-08-2019 12:55 AM

There is a 2960 switch with a management IP address of 10.199.3.20/24.

My IP address is 10.20.3.251/24 and i connect to the switch over a routing network.

When I checked this switch I found there was no ip default-gateway for the switch but I could connect to the switch from my computer.

How is it possible?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎07-12-2015 03:21 AM

Hi Morteza,

You were able to connect to that switch from a different network because on Catalyst switches, if no ip routing is configured and no ip default-gateway is defined, these switches will simply send an ARP request for every IP packet's destination they need to reach. If the switch connects to a router that has Proxy ARP active, it will respond to this ARP request using its own MAC address. As a result, you will be able to establish connectivity to such a switch. This connectivity comes at a price, though: The ARP cache on the switch can potentially grow very large, depending on how many IP destinations the switch needs to talk to; the ARP traffic can be unreasonably high; if the Proxy ARP functionality is deactivated on the router that is attached to the switch, the connectivity will no longer work.

You can check using show ip arp on your switch to see that there will most probably be several ARP entries recorded, also entries for IP addresses that are outside the switch's management VLAN. This is an indication that the switch relies on Proxy ARP, otherwise it would never ARP for a destination outside its own management VLAN IP space.

It's actually quite insidious, this little featurette on Catalysts.

Best regards,
Peter

View solution in original post

2 Replies 2

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎07-12-2015 03:21 AM

Hi Morteza,

You were able to connect to that switch from a different network because on Catalyst switches, if no ip routing is configured and no ip default-gateway is defined, these switches will simply send an ARP request for every IP packet's destination they need to reach. If the switch connects to a router that has Proxy ARP active, it will respond to this ARP request using its own MAC address. As a result, you will be able to establish connectivity to such a switch. This connectivity comes at a price, though: The ARP cache on the switch can potentially grow very large, depending on how many IP destinations the switch needs to talk to; the ARP traffic can be unreasonably high; if the Proxy ARP functionality is deactivated on the router that is attached to the switch, the connectivity will no longer work.

You can check using show ip arp on your switch to see that there will most probably be several ARP entries recorded, also entries for IP addresses that are outside the switch's management VLAN. This is an indication that the switch relies on Proxy ARP, otherwise it would never ARP for a destination outside its own management VLAN IP space.

It's actually quite insidious, this little featurette on Catalysts.

Best regards,
Peter

Go to solution
Majid Jalinousi
Level 1
Level 1
In response to Peter Paluch

‎07-13-2015 01:28 AM

Thanks for your great answer,

 

0 Helpful
Customers Also Viewed These Support Documents