Solved

default gateway best practice

Posted on 2013-02-04
14
Medium Priority
610 Views
Last Modified: 2013-02-05
This is what I have in one vlan:

FW<-->sw1<-->sw2<-->sw3<-->sw4
                         |
                        sw5

The default gateway (DG) for all switches is pointing to the FW. What is the default gateway configuration best practice? In other words, should I have sw4's DG as sw3, sw3's DG as sw2, sw2's DG as sw1, and sw5's DG as sw2?

Thanks
0
Comment
Question by:biggynet
14 Comments
 
LVL 21

Expert Comment

by:Tapan Pattanaik
ID: 38853874
Hi biggynet,

Spanning-Tree Cisco Enhancements

http://ciscoiseasy.blogspot.in/2010_10_01_archive.html

Q-in-Q Tunneling:

http://netcerts.net/category/switching/

Private Vlans – Control Plane/Data Plane:

http://mellowd.co.uk/ccie/?tag=switch

Cisco LAN Switching Fundamentals: Configuring Switches:

http://www.ciscopress.com/articles/article.asp?p=358549&seqNum=5
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 400 total points
ID: 38854051
FW as DG is fine but your switch config has no redundancy at all if that diagram is to be believed. What happens to your network if SW2 dies?
0
 
LVL 17

Expert Comment

by:pergr
ID: 38854073
Would be better (for redundancy and capacity) to have all switches connected directly to SW1.
0
 
LVL 17

Assisted Solution

by:pergr
pergr earned 1200 total points
ID: 38854074
Default GW is fine.

If you can buy more hardware, get a redundant "stack" as SW1, like the Juniper EX virtual chassis.
0
 

Author Comment

by:biggynet
ID: 38855231
Taking out the redundancy design. Is having the DG as the FW the best practice? Thanks
0
 
LVL 17

Assisted Solution

by:pergr
pergr earned 1200 total points
ID: 38855286
With all 4 switches in the same subnet, the DG is only used when you want to go outside the subnet - which is outside the firewall. Hence, it is perfectly fine to have the DG on the FW.

This assumes you have a single subnet on your network.
0
 
LVL 18

Assisted Solution

by:Akinsd
Akinsd earned 400 total points
ID: 38855538
The default gateway is the gateway used to exit a subnet.
The gateway is always the non-switching interface that a subnet is connected to, physically or virtually.
If you have Layer 3 switches, you can configure interface VLANs and use them as gateways for the respective VLANs created.

In your case, if all the switches are Layer 3 with no interface VLAN, or Layer 2 switches, the only gateway you will have is the interface on the FW that connects to SW1 (assuming all switches belong to the same VLAN, since you did not indicate how many VLANs there are and where they are configured).

In layman's terms
Imagine a house with multiple rooms and a main front door. The only way anyone in any room can go on the street is to exit through the front door.

In other words, there is no best practice per se (with exceptions for interface VLAN configurations).

Hope this helps
0
 

Author Comment

by:biggynet
ID: 38855713
one vlan... one subnet...
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 38855732
OK.
Then your ONLY gateway is the FW interface connecting to SW1 in this scenario.
0
 
LVL 17

Expert Comment

by:pergr
ID: 38855876
Actually, you do not even need to configure any DG..., but the FW is fine.
0
 

Author Comment

by:biggynet
ID: 38856899
Why is DG not necessary?
0
 
LVL 17

Expert Comment

by:pergr
ID: 38857159
I assume you are connecting to the switches only from within your own subnet - for management, statistics, etc.

Only if the switch needs to make a connection outside the firewall - or if you connect to the switches from outside, do you need any DG on them.
0
 

Author Comment

by:biggynet
ID: 38857219
pergr,

Sorry but I don't understand your reply.
0
 
LVL 17

Accepted Solution

by:pergr
pergr earned 1200 total points
ID: 38857311
If you use only a PC on the internal network to login to the switches, then that PC is on the same subnet as the switches - so you do not need the DG.

The DG is only used to send packets outside the subnet.

For example, assume your subnet is 192.168.1.0/24 (same as 255.255.255.0).
All your switches' IPs are 192.168.1.x and your management PC is 192.168.1.y.

Your subnet is all IPs between 192.168.1.1 and 192.168.1.254.
This means your PC is within the subnet, so the DG is never used.

For the record, the IP address of the switches is only used for management, and not for forwarding user traffic.
0
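As an added illustration of pergr's accepted answer (this is not code from the thread; the switch management addresses are constructed, and using 192.168.1.1 as the FW's inside address is an assumption), the script below reproduces the host routing decision a switch's management plane makes: a destination inside 192.168.1.0/24 is reached directly on the VLAN, anything else needs the default gateway, and with no DG configured the off-subnet destination is simply unreachable.

```python
import ipaddress

# Constructed values, not from the thread. The thread only states "one vlan, one
# subnet" and uses 192.168.1.0/24 as its illustration; the FW inside address is
# an assumption.
SUBNET = ipaddress.ip_network("192.168.1.0/24")
FW_INSIDE = "192.168.1.1"

# Constructed management IPs for the five switches in the question's diagram.
SWITCH_IPS = {
    "sw1": "192.168.1.11",
    "sw2": "192.168.1.12",
    "sw3": "192.168.1.13",
    "sw4": "192.168.1.14",
    "sw5": "192.168.1.15",
}


def usable_range(subnet=SUBNET):
    """Return the first and last host address of the subnet as strings."""
    hosts = list(subnet.hosts())
    return (str(hosts[0]), str(hosts[-1]))


def next_hop(dst, subnet=SUBNET, gateway=None):
    """Decide where a host on `subnet` sends a packet addressed to `dst`.

    This mirrors the normal host routing decision:
      - destination inside the subnet  -> sent directly (ARP on the VLAN)
      - destination outside, DG set    -> sent to the default gateway
      - destination outside, no DG     -> no route, packet cannot be sent
    Returns a tuple (action, next_hop_ip_or_None).
    """
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in subnet:
        return ("direct", str(dst_ip))
    if gateway is None:
        return ("unreachable", None)
    return ("gateway", str(ipaddress.ip_address(gateway)))


def classify_flows(gateway=None):
    """Classify a few constructed management flows originating on a switch.

    The replies to an SSH session from an in-subnet admin PC never touch the
    DG; SNMP traps or NTP to hosts behind the firewall only work if a DG is set.
    Returns a dict of flow name -> (action, next_hop).
    """
    flows = {
        "ssh_reply_to_mgmt_pc": "192.168.1.50",   # admin PC in the same VLAN
        "snmp_trap_to_remote_nms": "10.0.0.5",    # NMS on another subnet
        "ntp_to_internet": "203.0.113.7",         # documentation address, off-subnet
    }
    return {name: next_hop(ip, gateway=gateway) for name, ip in flows.items()}


if __name__ == "__main__":
    print("usable range:", usable_range())
    for gw in (None, FW_INSIDE):
        print(f"\nDG = {gw}")
        for name, result in classify_flows(gateway=gw).items():
            print(f"  {name:26s} -> {result}")
```

Running it shows the two cases side by side: with no DG every in-subnet flow still works, which is why pergr says the DG is optional when the switches are only managed from inside; once an NMS or NTP server sits on the far side of the firewall, the DG (the FW inside interface) is what makes those flows possible at all.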