
route of 0.0.0.0 0.0.0.0 10.10.10.x will this break other traffic?

ddavis99
Level 1

I just posted saying I couldn't get my switch online for management. The first suggestion was to enter a route of 0.0.0.0 0.0.0.0 10.10.10.254, which is the default gateway on vlan10 where the switch IP resides, which worked to gain me access to the switch through SSH.
Unfortunately I accepted the answer and I cannot reply back to ask follow-up questions!

So, now my question is: I have traffic on that switch for multiple other VLANs, which of course have their own gateways.
Did I just route everything at my vlan10 gateway for my firewall to have to figure out? Or is the last-resort route just going to route the traffic generated by the switch (aka the management interface)?

Furthermore, my firewall is doing L3 routing. Should I just do a #no ip routing and turn it off on the switch? I should still be able to get to my switch that's at vlan10 IP 10.10.10.x 255.255.255.0 default gateway 10.10.10.x, right?

 

 


The SW is either L2 or L3.

What is the difference between these two modes?

In L2 mode, the GW of the clients is on another L3 device which does the routing.

In this mode (L2), the mgmt traffic uses the default GW configured in the SW, or the default route. The data traffic doesn't use any routing; it is bridged to the other L3 device for routing, so the default route does not affect it.

In L3 mode, the GW of the clients is on this SW and the SW does the routing. Here both mgmt and data traffic use the default route, so it affects them.

But as I see it, your SW is in pure L2 mode, so the default route does not affect any data.

MHM


@MHM Cisco World wrote:

But as I see it, your SW is in pure L2 mode, so the default route does not affect any data.


For (hopefully further) clarity (and perhaps quibbling), from what's been described, switch is being used for L2, but it's not running as a pure L2 switch.  Locally sourced traffic (which is some [switch host] data) is being routed.


@ddavis99 wrote:

Correct, all traffic needs inspection by the firewall. All routing policy between critical segments in the FW is protected and has full logging. This is the route the company took via consultant (before my time).


Okay, in that case, as you suspected you don't need to route on this switch.

Does that mean you should disable routing on it?  Well, first of all, some advanced L3 switches won't allow routing to be disabled, don't know if that applies to yours (probably not).

Secondly, you might argue either way. Should NOT impact performance. Disabling L3 could preclude accidental L3 changes impacting your network; conversely, though, if all of a sudden you need routing, you'll need to reenable routing. For L2 management, you'll need to use default-gateway (which can, most likely, be preconfigured before you disable routing). (One of the nice things about a router or L3 switch: you can use a loopback for management, and if you're doing dynamic routing, can access the device on any possible path. Likely, you don't have multiple L3 paths.)

All-in-all, in your case, I would lean to disabling routing and treating it as just an L2 switch.

ddavis99
Level 1

Thanks everyone @Giuseppe Larosa @DanielP211 @Joseph W. Doherty @Richard Burts @Martin L

I found this very helpful indeed. I've jumped into understanding SVIs and the way the switch handles the traffic, plus I regained remote access to my switch!
I tested traffic from a client access vlan port on the switch and it's all routing as it should through that vlan interface, so you all were correct: the static route of 0.0.0.0 0.0.0.0 10.10.10.254 only affects the vlan10 interface I've assigned an IP to.

I have a long, long way to go understanding networks. I'm a sysadmin who hasn't put as much work into understanding networking as I should, but I'm trying to remedy that now. So I appreciate how helpful you all are, even with a fundamental question!

Pure L2 SW:

Has the command "no ip routing"

Has one mgmt VLAN SVI

Has a default GW

L3 SW:

Has the command "ip routing"

Has a mgmt VLAN SVI and other VLAN SVIs

Has a default route and static or IGP

After checking both your posts, I see you mix both modes.

You run the command "ip routing" and have a default GW in the SW.

These two do not work together. If you are afraid to add a default route, then use the default GW command and disable ip routing.

This makes your SW pure L2.

Good luck, friend.

MHM
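
Added example (not part of any post in this thread, and not Cisco tooling): a small Python check over saved running-config text that reports the mixed state discussed above, where `ip routing` is on and only a default gateway is configured. It assumes IOS-style syntax; the function name, finding labels and the switch address in the sample are made up for illustration, and the multiple-SVI finding goes one step beyond the thread's case to cover the requirement that inter-VLAN traffic pass through the firewall.

```python
import re

# Constructed sample: the mixed state described in the thread (routing enabled,
# but only a default gateway configured). The switch address is made up.
SAMPLE_MIXED = """\
ip routing
!
interface Vlan10
 ip address 10.10.10.5 255.255.255.0
!
interface Vlan20
 no ip address
!
ip default-gateway 10.10.10.254
"""

def audit_switch_l3(config: str) -> dict:
    """Report routing mode, addressed SVIs, and gateway settings that do not apply."""
    routing = None  # None = not stated in the config (platform default applies)
    svis, gateway, default_route, current = [], None, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line: enter or leave an SVI block
            m = re.match(r"interface Vlan(\d+)$", line, re.I)
            current = int(m.group(1)) if m else None
        if line == "ip routing":
            routing = True
        elif line == "no ip routing":
            routing = False
        elif (m := re.match(r"ip default-gateway (\S+)$", line)):
            gateway = m.group(1)
        elif (m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line)):
            default_route = m.group(1)
        elif current is not None and re.match(r"ip address \d", line):
            svis.append(current)
    findings = []
    if routing and gateway and not default_route:
        # ip default-gateway is only consulted while IP routing is disabled
        findings.append("default-gateway-ignored-no-default-route")
    if routing and gateway and default_route:
        findings.append("default-gateway-unused")
    if routing is False and default_route and not gateway:
        findings.append("static-default-unused-without-routing")
    if routing and len(svis) > 1:
        # the switch holds connected routes for each SVI and can forward between them
        findings.append("multiple-svis-can-route-around-firewall")
    return {"routing": routing, "svis": svis, "gateway": gateway,
            "default_route": default_route, "findings": findings}
```

Run it against `show running-config` output saved to a file; an empty `findings` list means the gateway settings match the routing mode the config declares.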
