Solved: Re: two exit routes

suthomas1 · ‎03-09-2018

Hello,

An access switch is connected to two routers.

The switch has a single default route to one of the routers.

Is it possible to add another default route on this switch(keeping the original one as it is) without any issues? Will adding a second default remove the first default?
The first default can't be removed totally as this is still in testing.

Please help.Thanks.

Richard Burts · ‎03-17-2018

Here are answers to the questions.

1) you have two places with helper address configured. It can work from either place. If you leave it configured in both places then the result will be that two requests are sent to the DHCP server (one from the switch interface and one from the router interface). I would suggest that the helper address is most appropriate on the interface that is serving as the gateway for devices in the subnet, which is probably the router interface.

To go a little deeper into this I notice that the discussion says that the router and switch are connected by a trunk, which implies that there are multiple vlans. The config shows just one. If there are multiple vlans then there should be multiple subinterfaces on the router (one for each vlan) and one SVI on the switch (to act as its management interface). In this case, for consistency, I would suggest that the helper address for vlan 1 be on the same platform as the helper address for other vlans, so place it on the router.

2) If the switch has both default route and default gateway then which one is used depends on the operating mode of the switch. If it is in layer 3 operation then the default route is used. If the switch is in layer 2 operation then the default gateway will be used.

Julio makes the point that if ip routing is enabled then the ip default-gateway is not needed and can be removed. It is correct that it can be removed. And many people do remove it. But as I pointed out in a previous response it does no harm to leave it in the config and it can provide insurance in the case where the switch reverts to layer 2 operation.

HTH

Rick

HTH

Rick

View solution in original post

Mark Malone · ‎03-09-2018

Hi
if the switch is l3 capable you can have multiple default routes in place , if its pure layer 2 no
if the routes are equal it will lb the traffic , wont be exactly perfect load balancing though
ip route 0.0.0.0 0.0.0.0 g0/0
ip route 0.0.0.0 0.0.0.0 g0/1

randreetta · ‎10-30-2019

Using physical interfaces in static routes is in my opinion reccomended, but together with the next-hop. Otherwise for every destination ip address, the l2 switch would send an arp request through that interface, in case proxy arp is working the router will answer, the arp table of the l2 switch will be populated and things will work. But it's gonna take more time and cosume more resources.

Julio E. Moisa · ‎03-09-2018

Hi,

Yes, you can but I recommend use floating static routes, for example:

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.2 20

So the primary path will always be the default route with lowest Administrative distance (by default is 1) once the connectivity is down between the switch and primary router it will use the second path.

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Richard Burts · ‎03-09-2018

The original post is not clear about what kind of switch this is. But when the original post describes it as an access switch I believe it is reasonable to assume that it is a layer 2 switch. The responses about configuring multiple static default routes or about configuring a floating static default route are based on the assumption that they are dealing with a layer 3 switch. I do not believe that multiple static default routes or floating static default routes are supported on a layer 2 switch. A layer 2 switch uses the ip default-gateway command. I believe that if you configure a second ip default-gateway command that it will replace the original gateway command.

There is a way to achieve the redundancy that the original post asks about.

1) connect two access ports on the switch to the routers.

2) assign the access ports to the management vlan (or if there is not a management vlan then assign to some appropriate vlan).

3) configure an SVI on the switch for that vlan and assign an IP address to that SVI.

4) configure IP addresses on each router interface in the subnet of that vlan.

5) configure HSRP on the router interfaces.

6) configure the ip default-gateway of the switch to be the shared virtual address of HSRP.

This would provide redundancy and failover for management traffic of the switch.

HTH

Rick

HTH

Rick

suthomas1 · ‎03-13-2018

Sorry for not mentioning in original post. This is a 3560 & currently only has one default gateway entry.

Julio E. Moisa · ‎03-13-2018

Hi

No worries, Could you please share a topology and the switch configuration?.

Thank you in advance

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

suthomas1 · ‎03-15-2018

Sorry, i couldn't respond back in time.
I will try these configurations later on.

With this switch currently only having a default gateway on it, what will be the behaviour if we add a default route also but to a different next hop ip address (that is connected via another uplink)?

Will the original default gateway be overwritten by new route statement? Or
will both coexist & act as gateway in both cases?

Thanks again.

Julio E. Moisa · ‎03-15-2018

Hi

The current will not be overwritten, they will coexist on the same router. But it could generate an undesired behavior. That is the reason you need to specify who will be your primary and secondary path through administrative distance.

Example:

ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip route 0.0.0.0 0.0.0.0 2.2.2.2 100 (it will be the secondary path)

Now it also depends if you want to have load balance.

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Joseph W. Doherty · ‎03-15-2018

To add to Julio's information, and if I remember correctly, if you add a default route, if the switch is in L2 mode (i.e. routing not enabled), it shouldn't use it, if in L3 mode (routing enabled) it shouldn't use the default gateway.

Richard Burts · ‎03-15-2018

Joseph makes exactly the point that I was suggesting in my previous response. So +5 to Joseph. We tend to talk about default route and default gateway as if they are the same. While they do serve much the same purpose they are quite different in terms of the environment in which they operate. Default route operates when the device has enabled layer 3 forwarding (so router and layer 3 switch can use this). default gateway operates when layer 3 forwarding is not enabled (so host or layer 2 switch or layer 3 switch which has not enabled ip routing can use this). A device can potentially be configured with both a default route and a default gateway. Which one will be used is dependent on the operating mode of the device - is it a layer 3 forwarder or is it a layer 2 forwarder?

There are sometimes posts where some layer 3 device has configured ip default-gateway. In those posts someone will frequently say that you should not configure default gateway on a layer 3 device. My typical response is that while default gateway will not be used when the device is operating as layer 3 that it might be considered insurance to cover cases where the device may be operating as a layer 2 device.

HTH

Rick

HTH

Rick

suthomas1 · ‎03-16-2018

Thanks for everyones reply. That helped me.
I have a question regarding the l2 or l3 functioning of a switch as Joseph mentions; How to determine if the switch is enabled for l2 or l3 mode- will it be by means of seeing if ip route is in use or ip default gateway is being used?
Now, the other question i have is regarding the setup- so this one has a cisco 890 series small office router with a 3560 switch.
Router has one of the interface Fa2 as trunk to the 3560 switch. Router has vlan 1 configured. The switch has both ip route & ip default gateway statements.Here is the brief config & my questions to it;

Cisco 3560>
int vlan 1
ip address 192.168.100.2 255.255.255.0
ip helper-address 192.168.200.1

ip route 0.0.0.0 0.0.0.0 192.168.100.1
ip default gateway 192.168.100.1

Router-890>

int fas1
switch trunk encapsulation dot1q
switchport mode trunk
des to Switch

int vlan 1
ip address 192.168.100.1 255.255.255.0
ip helper-address 192.168.200.1

1) where should the helper address be more appropriate - on the switch or router?
2) which will be used on the switch - default route or default gateway?

Appreciate your help. Thanks.

Julio E. Moisa · ‎03-17-2018

Hi,

If your device is working as Layer 3, you don't need the command ip default-gateway, so it can be removed.

no ip default gateway 192.168.100.1

It is useful on Layer 2 devices only.

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Richard Burts · ‎03-17-2018

Here are answers to the questions.

1) you have two places with helper address configured. It can work from either place. If you leave it configured in both places then the result will be that two requests are sent to the DHCP server (one from the switch interface and one from the router interface). I would suggest that the helper address is most appropriate on the interface that is serving as the gateway for devices in the subnet, which is probably the router interface.

To go a little deeper into this I notice that the discussion says that the router and switch are connected by a trunk, which implies that there are multiple vlans. The config shows just one. If there are multiple vlans then there should be multiple subinterfaces on the router (one for each vlan) and one SVI on the switch (to act as its management interface). In this case, for consistency, I would suggest that the helper address for vlan 1 be on the same platform as the helper address for other vlans, so place it on the router.

2) If the switch has both default route and default gateway then which one is used depends on the operating mode of the switch. If it is in layer 3 operation then the default route is used. If the switch is in layer 2 operation then the default gateway will be used.

Julio makes the point that if ip routing is enabled then the ip default-gateway is not needed and can be removed. It is correct that it can be removed. And many people do remove it. But as I pointed out in a previous response it does no harm to leave it in the config and it can provide insurance in the case where the switch reverts to layer 2 operation.

HTH

Rick

HTH

Rick

Zanthra · ‎03-17-2018

Can you determine any of the devices connected to the switch are using the switch IP address, 192.168.100.2, as their default gateway, or are they configured to use 192.168.100.1 as their default gateway? If they are using 192.168.100.2 as their default gateway, the switch is in L3 mode.

If you imagine a configuration with other networks on the other side of the router, say a 192.168.42.0 network. If someone there wanted to talk to the switch (directly, such as opening it for configuration), the switch would need to send packets back to the 192.168.42.0 network. If it didn't have a more direct route, it would send it to the default gateway (I suspect L3 switches will use the default gateway for packets originating from the switch, even if the default route is different). This is true of L2 or L3 switches.

That does not mean that it is doing any routing. If devices connected through the switch have 192.168.100.1 as their default gateway, probably configured on the DHCP server, then they will be sending the packets directly to the router, and the switch will not be involved. Whether the switch is in L2 or L3 mode does not matter. On the other hand, if they have 192.168.100.2 configured as their default gateway, then (assuming they are working now) the switch is in L3 mode, and adding a second route to the switch will work.