
I have a two-building infrastructure, and I need a few access point devices in Building 2 to talk to the default gateway in Building 1.

Each building has its own firewall. Each building is connected over fiber to Cisco L3 switches.

  • Building 1 - 192.168.0.0/24
  • Building 2 - 192.168.1.0/24

Each L3 switch is configured as the default gateway and then has a default route set to their local firewall.

I have the problem that if I set a manual gateway IP address on a device to point to our Building 1 gateway, it basically gets overridden at the L3 switch level to point to the firewall destination.

Any ideas on how I could bypass the default route or ignore it for a specific device?

I am not looking to change the default route for all traffic to use Building 1's gateway.

Mark Henderson
Mike
    `I have a two building infrastructure that I need a few access point devices in Building 2 talk to the default gateway in Building 1.` - A device on one subnet can't use a Default Gateway on another subnet. – joeqwerty Nov 24 '15 at 15:13
  • Yes understood, can I adjust the default routing to accomplish this task though? For one device on a network? – Mike Nov 24 '15 at 15:16
  • @joeqwerty Well, it can, but not directly (so, not as a default gateway, but it should be able to get to it). It would need to have a default gateway on its network that has some sort of policy route to point it to the other building. – Mark Henderson Nov 24 '15 at 15:18
  • Right you are. I was trying to stick to the letter of the law in my comment, based on what I assumed the OP meant in his question. Certainly a device in one subnet can use a router in another subnet, but not as a Default Gateway. – joeqwerty Nov 24 '15 at 15:22

1 Answer

You can't point to a default gateway that is outside of your local broadcast domain. i.e. if you have an IP address of 192.168.0.10/24 then your default gateway must be inside that network. That's the whole point of a default gateway.

What I suspect you actually want to do is have some devices on your network use the default gateway on the 192.168.1.0/24 network to access the internet - is that correct?

If that's actually what you want - to get out to the internet via a different exit point, then one option is to use policy based routing. Without knowing exactly which switches you have, I can't tell you if this is possible.

But with policy based routing, you've got options. You can move your access points onto a third subnet, say 192.168.2.0/24, add that network to your switch, and put a policy based route to send all traffic from 192.168.2.0/24 to 192.168.1.x. This requires you to have routing knowledge. A network of that size could be managed with static routes, but you would need to have the knowledge on how to set that up.

The other option is to extend your L2 network between both the buildings. You could create a VLAN that spans the two buildings, and just pop your access points onto that VLAN. Then all of the traffic from that access point will travel to the other building and be switched there. This might introduce unacceptable latency, or depending on the transit between the two buildings, you might cop bandwidth charges too.

Mark Henderson
  • The policy based routing sounds like what I need to do but to complicate things further the config that would roll out to this access point would be to bridge the AP clients to the local LAN, essentially putting them on a 192.168.2.0/24 subnet in this example. Which could work if that's the only way to accomplish this but I would've preferred them to stick in their building's preferred subnet. I will try to work out the Policy Based Routing, thanks for your help! – Mike Nov 24 '15 at 16:18
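As an added illustration of the policy-based routing option from the answer (this is example configuration written for this page, not the answerer's or the asker's own config), here is what the Building 2 L3 switch could look like in Cisco IOS syntax. Everything not on the page is an assumption: the access points are moved to a new VLAN 20 on 192.168.2.0/24 with the switch SVI at 192.168.2.1; the fiber link between the two L3 switches is a routed /30 with the Building 1 side at 10.0.0.1 and the Building 2 side at 10.0.0.2; the Building 2 firewall is 192.168.1.254. The ACL and route-map names are made up for the example.

```cisco
! Added example (not from the original answer). Assumed addressing:
!   Building 2 firewall         192.168.1.254   (placeholder)
!   Fiber link, Building 1 side 10.0.0.1        (placeholder)
!   Fiber link, Building 2 side 10.0.0.2        (placeholder)
!   Access-point VLAN           VLAN 20, 192.168.2.0/24, SVI 192.168.2.1

! The normal default route toward the local firewall is left as it is;
! the policy below only overrides it for the access-point subnet.
ip route 0.0.0.0 0.0.0.0 192.168.1.254
! Ordinary route to Building 1's LAN so internal traffic is never policy-routed
ip route 192.168.0.0 255.255.255.0 10.0.0.1

! Routed uplink to Building 1's L3 switch
interface GigabitEthernet1/0/1
 description Fiber to Building 1 L3 switch
 no switchport
 ip address 10.0.0.2 255.255.255.252

! SVI for the access-point subnet; the route-map is applied to
! traffic *entering* the switch from this interface.
interface Vlan20
 description Access points (policy-routed to Building 1)
 ip address 192.168.2.1 255.255.255.0
 ip policy route-map AP-VIA-BLDG1

! Match only traffic leaving the internal address space. The deny lines
! are a safety net: even if "set ip next-hop" were used instead of
! "set ip default next-hop", internal traffic would stay on the normal table.
ip access-list extended AP-INTERNET-BOUND
 deny   ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255
 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.2.0 0.0.0.255 any

! "set ip default next-hop" is applied only when the routing table has no
! specific route for the destination, i.e. it replaces just the default route.
route-map AP-VIA-BLDG1 permit 10
 match ip address AP-INTERNET-BOUND
 set ip default next-hop 10.0.0.1
```

Two things must be true on the far side for this to work, and both are easy to forget: the Building 1 L3 switch needs a return route for 192.168.2.0/24 via 10.0.0.2, and the Building 1 firewall must accept and NAT that new source subnet, otherwise replies from the internet are dropped or take an asymmetric path back through Building 2. Because the access-point clients now exit through Building 1's firewall, its rule set and logging are what applies to them, so check that is the intended policy. To confirm the policy is actually matching, `show route-map AP-VIA-BLDG1` reports the policy-routing match counters. As the answer notes, PBR support depends on the switch model; on some Catalyst platforms it is only available under a routing-oriented SDM template or a particular feature set, so check the platform documentation before relying on it.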