How to disable 3Com 4500 from Layer 3 routing

LlewellynIT
I have a 3com 4500 in use in the building currently as just a Layer 2 switch with some 802.1q going on. I'm noticing some weird issues on one of our networks and wanted to make sure that Layer 3 routing is disabled on this 3com 4500. How can I ensure that this is only doing Layer 2 switching and is not interfering with the routing that our primary router is supposed to be doing?
Commented:
If you don't define an IP address for the VLANs on the 4500 it will keep the VLAN as a Layer 2 VLAN and will not route it. There is no way to disable routing other than just not assigning an IP address. So, if you do have IP addresses on the VLANs it will automatically route them unless there is an ACL blocking it.

Author

Commented:
I have set an IP on the switch for both VLANs in question so I can access it from both VLANs. We have two VLANs and for this example I'll suppose the gateway for VLAN 2 is 192.168.2.1 and VLAN 3 is 192.168.3.1. Also assume that the IP of the switch is ".2" at the end of each IP range.
Currently the 3com 4500 has several IP routes defined:

Destination IP   Mask              Next Hop      Interface        Protocol
0.0.0.0          0.0.0.0           192.168.2.1   Vlan-interface2  netmgmt
0.0.0.0          0.0.0.0           192.168.3.1   vlan-interface3  netmgmt
127.0.0.0        255.0.0.0         127.0.0.1     inLoopBack0      local
127.0.0.1        255.255.255.255   127.0.0.1     inLoopBack0      local
192.168.2.0      255.255.255.0     192.168.2.2   Vlan-interface2  local
192.168.2.2      255.255.255.255   127.0.0.1     inLoopBack0      local
192.168.3.0      255.255.255.255   192.168.3.2   Vlan-interface3  local
192.168.3.2      255.255.255.255   127.0.0.1     inLoopBack0      local

Most of these look fine, except that since our Cisco 2811 has a static route for VLAN 2 that bounces traffic to a 192.168.2.5. I'm not worried about it being accessible from both VLANs via IP, but I definitely want to be positive this is not routing anything as is.

Author

Commented:
Whoops - second to last static route should be:
192.168.3.0   255.255.255.0    192.168.3.2    Vlan-Interface3     local

If you don't want to do any routing on the 3Com, and the default gateway of all of your devices is the .1 address of the Cisco in that subnet, then you don't need to have any static routes configured.

Even if you are routing on the 3Com you shouldn't need to have a static route for a network you are directly attached to.
It looks like 3Com considers this a L3 switch, even if you are only using IP for management purposes, so if you need to get to those switch addresses from outside the local VLAN you will need a default route.

Author

Commented:
So I can get rid of all of the static routes except for the following two?

127.0.0.0        255.0.0.0         127.0.0.1     inLoopBack0      local
127.0.0.1        255.255.255.255   127.0.0.1     inLoopBack0      local

Commented:
As long as you have a route from the router back to the switch you do not need to have IPs defined on all the VLANs on the 3Com to access it from either VLAN. My original post is correct.

Is this question from your original config before you started utilizing the 3Com to route or after you have enabled routing?

If it's before - you should not have had to configure any more than one management IP on the switch.  Assuming the Cisco was routing and you had a .Q trunk between the Cisco and 3Com.

Commented:
The only route you would need on the 3Com (if you want it to function as a Layer 2 switch) is a default route to the Cisco on the same subnet as the 3Com management interface.

Author

Commented:
This stuff was in there before I had attempted to begin programming it as Layer 3; I'm guessing remnants from a previous setup the previous IT admin was attempting. I went in and found existing static routes so I wanted to understand them before I removed them. Since our 3com 4500 is currently in use as a Layer 2 switch I actually went ahead and picked up a used Cisco 2948G Layer 3 switch to experiment with so I didn't have to mess with a production switch. My first step here though was ensuring the 3com 4500 is functioning at Layer 2 and not interfering with things.
Most of those routes, except the two default routes, are just local routes on the 3Com due to IP configured on the two VLANs. I don't know the architecture of the 3Com so I can't tell you if it disregards the default gateway path your packets should take from devices on VLAN 2 trying to get to VLAN 3 and just switches them because it knows where the destination is because it has interfaces in both networks. To confirm that, do a traceroute from a PC on VLAN 2 to a PC on VLAN 3. If it doesn't go through the Cisco then the 3Com is switching. If that is the case and you don't want it to go that way just take IP off one of the VLANs in the 3Com and manage it by the other address only. If you want the 3Com to act as a L2 only switch there is no need to have IP on both VLANs.

By the way, what are the symptoms of the issue you are having?

Author

Commented:
One thing to note: The 2811 is currently the DHCP server. What makes me think the 3com is messing with stuff is this:

Our VLAN 2 has a static route map on our Cisco 2811 that routes internet traffic to the internal IP of our DSL modem, which ends in a .5 while the gateway ends in a .1. I looked at the static routing on the 3com and wondered if that could be conflicting with what I want the 2811 to have it do.

Users on VLAN 2 who connected wirelessly (all APs are plugged into the 3com since it has PoE) would occasionally just lose their internet connection. (Don't get me started on Vista users - they can't even get an IP wirelessly so I wire them into the LAN.) On Windows XP computers, to get it working all you'd have to do is ping the internal IP of our DSL modem and then your connection would re-establish. Almost like you were "reminding" the computer about its existence. Weird. The process would literally be this:

ping google.com - time out, time out, time out, time out
ping xxx.xx.xx.1 - <1ms, <1ms, <1ms, <1ms
ping xxx.xx.xxx.5 - time out, 2ms, 4ms, 1ms
ping xxx.xx.xx.1 - <1ms, <1ms, <1ms, <1ms
ping google.com - 80ms, 100ms, 75ms, 50ms
Make sure you don't have proxy arp enabled anywhere.

Having conflicting default routes can cause issues. If you don't have to manage the 3Com from a lot of remote places I would get rid of the default routes on it. If you manage the 3Com from a device or devices on VLAN 2 or 3 they have no need for a route to be present for your attempt at using this as an L2 platform.

Author

Commented:
Okay I am down to these 4 now. How many of these are necessary for Layer 2 function and maintaining my ability to manage via IP from same subnet? Will never have the need to manage from VLAN 2 or remotely.

Destination IP   Mask              Next Hop      Interface        Protocol
127.0.0.0        255.0.0.0         127.0.0.1     inLoopBack0      local
127.0.0.1        255.255.255.255   127.0.0.1     inLoopBack0      local
192.168.3.0      255.255.255.255   192.168.3.2   Vlan-interface3  local
192.168.3.2      255.255.255.255   127.0.0.1     inLoopBack0      local

Author

Commented:
Never mind, it won't let me remove any more. I'll do some testing with the wireless tomorrow to see if that affects my other issues. Thank you both for explaining this in such detail, it is helping me better understand how routing works. The help is much appreciated!!

Author

Commented:
Immensely helpful breakdown of routing on a Layer 3 switch. Thank you guys!
Those that are left are to be expected based on the  IP configuration. They aren't static routes that were manually added.
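
The checks the experts describe above (conflicting default routes, IP on more than one VLAN), as an added Python example that is not part of the original thread: it parses a route table in the column layout posted here and reports what would keep the switch from behaving as Layer 2 only. The function names are hypothetical, and treating every non-`local` protocol value as a configured route is an assumption drawn from the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the table as posted, with the corrected 192.168.3.0 mask.
SAMPLE = """\
0.0.0.0      0.0.0.0          192.168.2.1  Vlan-interface2  netmgmt
0.0.0.0      0.0.0.0          192.168.3.1  vlan-interface3  netmgmt
127.0.0.0    255.0.0.0        127.0.0.1    inLoopBack0      local
127.0.0.1    255.255.255.255  127.0.0.1    inLoopBack0      local
192.168.2.0  255.255.255.0    192.168.2.2  Vlan-interface2  local
192.168.2.2  255.255.255.255  127.0.0.1    inLoopBack0      local
192.168.3.0  255.255.255.0    192.168.3.2  Vlan-interface3  local
192.168.3.2  255.255.255.255  127.0.0.1    inLoopBack0      local
"""

def parse_routes(text):
    """Parse 'dest mask next-hop interface protocol' rows; skip anything else."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}", strict=False)
            hop = ipaddress.ip_address(f[2])
        except ValueError:
            continue  # header row or malformed entry
        routes.append((net, hop, f[3].lower(), f[4].lower()))
    return routes

def audit(routes):
    """Return findings relevant to running the switch as Layer 2 only."""
    findings = []
    by_dest = defaultdict(set)
    for net, hop, _, proto in routes:
        if proto != "local":  # assumption: non-'local' means a configured route
            by_dest[net].add(hop)
    for net, hops in by_dest.items():
        findings.append(f"configured route {net} via {sorted(map(str, hops))}")
        if len(hops) > 1:
            findings.append(f"conflicting next hops for {net}")
    l3_ifs = sorted({i for n, _, i, p in routes
                     if p == "local" and i.startswith("vlan-interface")})
    if len(l3_ifs) > 1:
        findings.append(f"IP on multiple VLANs, switch can route: {l3_ifs}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_routes(SAMPLE))))
```

Run against the four routes that remain after the cleanup in this thread, `audit` returns an empty list.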

Author

Commented:
I noticed two ACLs that seem to be active - one on all the ports and another on a single port. I tried removing them but they say they are active so cannot be removed.

Would this have some default ACLs configured to prevent broadcast storms? Or should I remove any ACLs I see here because I do not want this functioning at layer 3?
I don't know of any default ACLs but they may have been created based on choices in the web interface. They may also be for preventing management access to the switch. There are layer 2 ACLs so they may not have anything to do with routing but be there to control broadcasts or multicasts. The ACLs are probably considered active if they are applied to an interface.
