Solved

default gateway best practice

Posted on 2013-02-04
599 Views
Last Modified: 2013-02-05
This is what I have in one vlan:

FW<-->sw1<-->sw2<-->sw3<-->sw4
                         |
                        sw5

The default gateway (DG) for all switches is pointing to the FW. What is the default gateway configuration best practice? In other words, should I have sw4's DG as sw3, sw3's DG as sw2, sw2's DG as sw1, and sw5's DG as sw2?

Thanks
Question by:biggynet
14 Comments
 
LVL 21

Expert Comment

by:Tapan Pattanaik
ID: 38853874
Hi biggynet,

Spanning-Tree Cisco Enhancements

http://ciscoiseasy.blogspot.in/2010_10_01_archive.html

Q-in-Q Tunneling:

http://netcerts.net/category/switching/

Private Vlans – Control Plane/Data Plane:

http://mellowd.co.uk/ccie/?tag=switch

Cisco LAN Switching Fundamentals: Configuring Switches:

http://www.ciscopress.com/articles/article.asp?p=358549&seqNum=5
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 100 total points
ID: 38854051
FW as DG is fine but your switch config has no redundancy at all if that diagram is to be believed. What happens to your network if SW2 dies?
 
LVL 17

Expert Comment

by:pergr
ID: 38854073
Would be better (for redundancy and capacity) to have all switches connected directly to SW1.
 
LVL 17

Assisted Solution

by:pergr
pergr earned 300 total points
ID: 38854074
Default GW is fine.

If you can buy more hardware, get a redundant "stack" as SW1, like the Juniper EX virtual chassis.
 

Author Comment

by:biggynet
ID: 38855231
Taking out the redundancy design. Is having the DG as the FW the best practice? Thanks
 
LVL 17

Assisted Solution

by:pergr
pergr earned 300 total points
ID: 38855286
With all 4 switches in the same subnet, the DG is only used when you want to go outside the subnet - which is outside the firewall. Hence, it is perfectly fine to have the DG on the FW.

This assumes you have a single subnet on your network.
 
LVL 18

Assisted Solution

by:Akinsd
Akinsd earned 100 total points
ID: 38855538
The default gateway is the gateway to exit a subnet.
The gateway is always the non-switching interface that a subnet is connected to, physically or virtually.
If you have Layer 3 switches, you can configure interface VLANs and use them as gateways for the respective VLANs created.

In your case, if all the switches are Layer 3 with no interface VLAN, or Layer 2 switches, the only gateway you will have is the interface on the FW that connects to SW1 (assuming all switches belong to the same VLAN, since you did not indicate how many VLANs there are and where they are configured).

In layman's terms:
Imagine a house with multiple rooms and a main front door. The only way anyone in any room can go onto the street is to exit through the front door.

In other words, there is no best practice per se (with exceptions for interface VLAN configurations).

Hope this helps
 

Author Comment

by:biggynet
ID: 38855713
one vlan... one subnet...
 
LVL 18

Expert Comment

by:Akinsd
ID: 38855732
Ok
Then your ONLY gateway is the FW interface connecting to SW1 in this scenario
 
LVL 17

Expert Comment

by:pergr
ID: 38855876
Actually, you do not even need to configure any DG..., but the FW is fine.
 

Author Comment

by:biggynet
ID: 38856899
Why is DG not necessary?
 
LVL 17

Expert Comment

by:pergr
ID: 38857159
I assume you are connecting to the switches only from within your own subnet - for management, statistics, etc.

Only if the switch needs to make a connection outside the firewall - or if you connect to the switches from outside, do you need any DG on them.
 

Author Comment

by:biggynet
ID: 38857219
pergr,

Sorry but I don't understand your reply.
 
LVL 17

Accepted Solution

by:pergr
pergr earned 300 total points
ID: 38857311
If you use only a PC on the internal network to log in to the switches, then that PC is on the same subnet as the switches, so you do not need the DG.

The DG is only used to send packets outside the subnet.

For example, assume your subnet is 192.168.1.0/24 (same as 255.255.255.0).
All your switches' IPs are 192.168.1.x and your management PC is 192.168.1.y.

Your subnet is all IPs between 192.168.1.1 to 192.168.1.254.
This means your PC is within the subnet, so the DG is never used.

For the record, the IP address of the switches is only used for management, and not for forwarding user traffic.
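Added worked example (not part of the thread, and not anyone's posted config): the host forwarding decision that pergr's two replies describe, in Python. The subnet 192.168.1.0/24 is the one from the accepted answer; the switch management address 192.168.1.10, the FW inside address 192.168.1.1, the management PC 192.168.1.200 and the off-site server 10.20.0.5 are constructed addresses chosen for illustration. The point it demonstrates is that an on-link destination never consults the DG, while an off-link one (a syslog, NTP or AAA server beyond the firewall) is unreachable without it.

```python
"""Added example: when does a switch's management IP actually use its DG?

Illustration code, not from the thread. Addresses are constructed:
192.168.1.0/24 is the subnet from the accepted answer; the switch
management IP, FW inside address, management PC and off-site server
are assumptions made for this example.
"""
from ipaddress import IPv4Address, IPv4Interface, ip_address, ip_interface
from typing import Iterable, List, Optional

SWITCH_MGMT = ip_interface("192.168.1.10/24")   # assumed switch management IP + mask
FW_INSIDE = ip_address("192.168.1.1")            # assumed FW inside interface = the DG
MGMT_PC = ip_address("192.168.1.200")            # assumed management PC, same subnet
OFFSITE_SYSLOG = ip_address("10.20.0.5")         # assumed server outside the firewall
BAD_GW = ip_address("172.16.0.1")                # assumed off-subnet address (misconfig)


def validate_gateway(iface: IPv4Interface, gw: IPv4Address) -> None:
    """A default gateway must be on-link: the host reaches it by ARP, never via
    another route. Reject a DG outside the interface's own subnet, or the
    host's own address. (A DG that is on-link but is not a router, e.g. the
    management IP of a Layer 2 switch, passes this check and still drops
    the traffic; that is exactly the case the thread's answers warn about.)"""
    if gw not in iface.network:
        raise ValueError(f"gateway {gw} is not inside {iface.network}")
    if gw == iface.ip:
        raise ValueError("gateway must not be the host's own address")


def next_hop(iface: IPv4Interface, dst: IPv4Address,
             default_gw: Optional[IPv4Address]) -> Optional[IPv4Address]:
    """Forwarding decision for a host with one interface and at most one route.

    Returns the Layer 2 neighbour the packet is handed to:
      * dst itself when dst is in the connected subnet (DG is not consulted),
      * the DG when dst is off-link and a DG is configured,
      * None when dst is off-link and no DG exists (unreachable).
    """
    if dst in iface.network:
        return dst
    if default_gw is not None:
        validate_gateway(iface, default_gw)
        return default_gw
    return None


def peers_needing_gateway(iface: IPv4Interface,
                          peers: Iterable[IPv4Address]) -> List[IPv4Address]:
    """The subset of peers a switch with no DG cannot exchange packets with."""
    return [p for p in peers if next_hop(iface, p, None) is None]


if __name__ == "__main__":
    for dst in (MGMT_PC, OFFSITE_SYSLOG):
        print(f"{str(dst):>15}  no DG -> {next_hop(SWITCH_MGMT, dst, None)}")
        print(f"{str(dst):>15}  DG=FW -> {next_hop(SWITCH_MGMT, dst, FW_INSIDE)}")
    print("peers that require a DG:",
          [str(p) for p in peers_needing_gateway(SWITCH_MGMT, [MGMT_PC, OFFSITE_SYSLOG])])
```

Running it shows the management PC is reached directly whether or not a DG is set, while the off-site server is `None` without one and goes via 192.168.1.1 with it. The practical check before deciding to omit the DG is therefore the list `peers_needing_gateway` returns for every host the switch must talk to, not only the admin's PC: the moment a syslog, NTP or AAA server lives beyond the firewall, the switch needs the FW as its DG.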
