
2920 routing

 
TheLilLebowski
Occasional Contributor

2920 routing

I don't have much time to investigate, since I'm on site at one of my remote locations and am scrambling to get this (along with a couple other things) working before I leave...

Just bought a new 2920 switch and installed it.  Plan was to use this switch as somewhat of an internal router.  I have 3 vlans:

VLAN 1 - 192.168.104.0/24 (VLAN IP 192.168.104.254) Untagged on all ports except port 23

VLAN 114 - 192.168.114.0/24 (VLAN IP 192.168.114.1) Untagged on port 23

VLAN 154 - 192.168.154.0/23 (VLAN IP 192.168.154.1) Tagged on all ports (for IP phones)

Port 23 is plugged into a switch on the 114.0 (VLAN 114) network, which then uplinks to a couple other ports.  One of the ports on the 104.0 network (VLAN 1) goes to the firewall and the firewall address is set as the default GW.

The problem is that when I turn on IP routing, I can route between my VLANs, but it appears that nothing forwards to the default GW.  If I try to ping from the switch to anything outside of my 3 VLANs defined, I just get a message saying "Destination network not found" or something similar.  If I turn off IP routing, it does forward to my gateway and I can access internet, other facilities, etc. but I can't route between my VLANS.

What's going on here?  Why won't it forward anything to the GW with IP routing turned on?  Help, please and thank you.

 

6 REPLIES
Vince-Whirlwind
Honored Contributor
Solution

Re: 2920 routing

You say "nothing forwards to my default gateway" but you say you've enabled IP routing on the switch. Your default GW on each subnet should therefore be on the switch.
Also, your Firewall is on the same subnet as your hosts when they are connected to a separate Layer3 device, which has to be fixed.
The switch needs a default route - ip route 0.0.0.0 0.0.0.0 192.168.199.1
The switch needs a new VLAN199 with 192.168.199.2 on it.
The switch needs an untagged port in VLAN199 where the FW patches in.
The FW needs its switch-facing interface readdressed with 192.168.199.1
The FW needs routes for each of the subnets that are on the switch, eg, 192.168.0.0/16 --> 192.168.199.2

TheLilLebowski
Occasional Contributor

Re: 2920 routing

Thanks for the info.  I actually figured it out last night.  The switch was set up with a "ip default-gateway 192.168.104.45" which is my firewall.  I didn't set it up, but saw this and it was the right IP, so I thought we were good to go.  When I tried it again, I ran "ip route 0.0.0.0 0.0.0.0 192.168.104.45" and it started working.

So everything's working now, but I still have a question as to why these 2 statements have different effects.  I know why the route statement works, but why doesn't the default gateway statement work?  Isn't that essentially saying the same thing - i.e. "if you don't know about the destination network, send it to 192.168.104.45"?

Vince-Whirlwind
Honored Contributor

Re: 2920 routing

Sometimes, a "default route" means pretty much the same as "default gateway", depending on vendor, but really those are two completely different things.

A default gateway is Layer-2 functionality providing the IP address whose MAC address will be used to address all frames for packets where the subnet mask comparison gives an "off subnet" result.

A default route is Layer-3 functionality providing a destination IP address for inclusion in the routing table.

TheLilLebowski
Occasional Contributor

Re: 2920 routing

Thanks for the explanation.

 

16again
Respected Contributor

Re: 2920 routing

I have a different explanation.

Both default gateway and default route are about layer 3 addresses.
The difference is:

- Default gateway is for a device with a single L3 interface.  This is like a normal host (example PC), that can't route packets between interfaces.
- Default route is for routers, devices that can forward IP packets between different subnets and interfaces.

On some devices, L3 routing is enabled with "ip routing" command, when using that command switch from default gateway... to route 0.0.0.0/0 ....

 

I guess, this is just a relic from the past, where L3 switches didn't exist.  If re-invented nowadays, all L2 and L3 switches could/would only use route 0.0.0.0/0....

Vince-Whirlwind
Honored Contributor

Re: 2920 routing

Good point.

If you do a "route print" on your PC, you will see that your "default gateway" is a default route in your host's routing table.

I once had a cleanup job on a network where numerous hosts on a single segment were each being used as default gateway for various other hosts on the segment as well as default route for various other directly-connected segments. Then each of these hosts had static routes added to them so the various segments homed on different hosts could find each other. It was a very interesting setup....
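
Added example, not part of any post in the thread: a small config check for the condition the original poster hit, where "ip routing" is enabled but the only default is an "ip default-gateway" line and no "ip route 0.0.0.0 0.0.0.0" exists. The sample config is constructed from the addresses quoted in the thread, and the "vlan N / ip address A M" stanza layout and the function name are assumptions.

```python
import ipaddress
import re

# Constructed sample config using the addresses from the thread; the
# "vlan N / ip address A M" stanza layout is an assumption.
SAMPLE_CONFIG = """\
ip default-gateway 192.168.104.45
ip routing
vlan 1
   ip address 192.168.104.254 255.255.255.0
   exit
vlan 114
   ip address 192.168.114.1 255.255.255.0
   exit
vlan 154
   ip address 192.168.154.1 255.255.254.0
   exit
"""

def audit_default_route(config_text):
    """Return findings about default-route handling (hypothetical helper)."""
    routing, gateway, default_hops, connected = False, None, [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "ip routing":
            routing = True
        elif m := re.fullmatch(r"ip default-gateway (\S+)", line):
            gateway = m.group(1)
        elif m := re.fullmatch(r"ip route 0\.0\.0\.0(?: 0\.0\.0\.0|/0) (\S+)", line):
            default_hops.append(ipaddress.ip_address(m.group(1)))
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            # Interface address plus mask gives the directly connected subnet.
            connected.append(ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network)
    findings = []
    if routing and not default_hops:
        # Per the thread: with routing on, the default-gateway line did not forward traffic.
        hint = f" (ip default-gateway {gateway} is not used for forwarding)" if gateway else ""
        findings.append("ip routing enabled but no 0.0.0.0/0 route" + hint)
    for hop in default_hops:
        # A static next hop must sit on one of the switch's own subnets.
        if not any(hop in net for net in connected):
            findings.append(f"default route next hop {hop} is not on a connected subnet")
    return findings

if __name__ == "__main__":
    for finding in audit_default_route(SAMPLE_CONFIG):
        print(finding)
```

Run against a saved copy of the switch configuration, it also flags a default route whose next hop is not on any VLAN interface subnet, which is the state you would be in after adding the route from the accepted answer but before creating the transit VLAN.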