Can low-end S series switches serve as gateways?


You are not advised to use switches such as the S2700 series, S5700LI, and S5700S-LI as gateways. The S2700 series, S5700LI, and S5700S-LI switches are Layer 2 switches. If they are used as gateways, they send all packets that need to be forwarded at Layer 3 to the CPU for software forwarding, which causes high CPU usage. Because CAR parameters are configured to protect the CPU, a large number of these packets are dropped, which affects the forwarding of service packets. Therefore, it is recommended that you use high-end Layer 3 switches as gateways.

Other related questions:
How do I configure the default gateway on an S series switch?
Configure a static default route in the system view; the next-hop address below is a placeholder for your actual gateway:
[Quidway] ip route-static 0.0.0.0 0.0.0.0 <next-hop-ip>

Can low-end S series switches be used as gateway devices?
It is recommended that you choose a higher-end Layer 3 switch as the gateway device.

Users are frequently disconnected from the LAN when the switch serves as a gateway
Description: The device serves as a gateway, and users in the LAN are frequently disconnected.

Products and versions involved: all products and versions

Fault description: The device serves as a gateway. Users in the LAN are frequently disconnected, and the device generates a large number of alarms about IP address conflicts:
ARP/4/ARP_DUPLICATE_IPADDR:Received an ARP packet with a duplicate IP address from the interface. (IpAddress=[IPADDR], InterfaceName=[STRING], MacAddress=[STRING])

Solution:
1. Perform antivirus scanning on the PC.
2. Configure ARP gateway anti-collision on the device. After this function is enabled, the switch generates an ARP attack defense entry and, for a period of time, discards packets whose VLAN IDs or source MAC addresses match the entry. This prevents ARP packets that conflict with the gateway address from being broadcast in the VLAN.
system-view
[HUAWEI] arp anti-attack gateway-duplicate enable

Perform the following steps to analyze the cause:
1. Run the display logbuffer command in any view to check the logs, and obtain the attacker's MAC address from the MacAddress field:
display logbuffer
ARP/4/ARP_DUPLICATE_IPADDR:Received an ARP packet with a duplicate IP address from the interface. (IpAddress=[IPADDR], InterfaceName=[STRING], MacAddress=[STRING])
2. Search the MAC address table for the attacker's MAC address to obtain the attack source port.
3. After the attack source is located, it is found that a user's PC on the LAN forges the gateway and sends IP address requests to the devices in the same network segment. This is caused by viruses on the PC.

Suggestion: The attacker sets the gateway address as the static IP address of the virus-infected PC. The PC broadcasts gratuitous ARP packets on the LAN. After receiving these packets, other PCs update their gateway ARP entries and change the gateway MAC address to the attacker's MAC address. As a result, all users on the LAN fail to access the network, and network services are interrupted. When the attacker frequently sends gratuitous ARP packets whose source IP address is the gateway address, the gateway device receives the packets and sends notifications to the normal hosts on the LAN to claim the correct gateway address. However, the frequent switching of the hosts' gateway MAC address may also cause network interruption.
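The log analysis in steps 1 and 2 above can be scripted. The following is an added example (not Huawei's code) that parses the ARP_DUPLICATE_IPADDR log quoted on this page out of saved display logbuffer output, keeps only entries that claim the gateway IP, and ranks the source MAC addresses so the attacker's MAC and its ingress interface can be found. It assumes the (IpAddress=..., InterfaceName=..., MacAddress=...) field layout shown above; the timestamp/hostname prefix and all addresses in the sample are constructed.

```python
import re
from collections import defaultdict

# Field layout is taken from the ARP_DUPLICATE_IPADDR log on this page; the
# leading timestamp/hostname prefix varies by device, so the pattern is searched
# rather than anchored at the start of the line.
ARP_DUP_RE = re.compile(
    r"ARP/4/ARP_DUPLICATE_IPADDR:.*?\("
    r"IpAddress=(?P<ip>[0-9.]+), "
    r"InterfaceName=(?P<iface>[^,)]+), "
    r"MacAddress=(?P<mac>[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4})\)"
)

# Constructed sample of 'display logbuffer' output (not from the page).
SAMPLE_LOGBUFFER = """\
Jan 10 2024 09:00:01 SW1 ARP/4/ARP_DUPLICATE_IPADDR:Received an ARP packet with a duplicate IP address from the interface. (IpAddress=192.168.1.1, InterfaceName=GigabitEthernet0/0/12, MacAddress=5489-98ab-cd01)
Jan 10 2024 09:00:02 SW1 ARP/4/ARP_DUPLICATE_IPADDR:Received an ARP packet with a duplicate IP address from the interface. (IpAddress=192.168.1.1, InterfaceName=GigabitEthernet0/0/12, MacAddress=5489-98ab-cd01)
Jan 10 2024 09:00:03 SW1 ARP/4/ARP_DUPLICATE_IPADDR:Received an ARP packet with a duplicate IP address from the interface. (IpAddress=192.168.1.1, InterfaceName=GigabitEthernet0/0/7, MacAddress=5489-98ab-cd02)
Jan 10 2024 09:00:04 SW1 ARP/4/ARP_DUPLICATE_IPADDR:Received an ARP packet with a duplicate IP address from the interface. (IpAddress=192.168.1.50, InterfaceName=GigabitEthernet0/0/9, MacAddress=5489-98ab-cd03)
Jan 10 2024 09:00:05 SW1 ARP/4/ARP_DUPLICATE_IPADDR:Received an ARP packet with a duplicate IP address from the interface. (IpAddress=192.168.1.1, InterfaceName=GigabitEthernet0/0/12, MacAddress=5489-98ab-cd01)
"""


def parse_arp_duplicate_events(log_text):
    """Return (ip, interface, mac) for every ARP_DUPLICATE_IPADDR line."""
    events = []
    for line in log_text.splitlines():
        m = ARP_DUP_RE.search(line)
        if m:
            events.append((m.group("ip"), m.group("iface"), m.group("mac").lower()))
    return events


def find_gateway_spoofers(log_text, gateway_ip, threshold=3):
    """Group events that claim gateway_ip by source MAC and keep MACs seen at
    least `threshold` times. Each entry carries the count and the ingress
    interfaces, which are the ports to check in the MAC address table."""
    seen = defaultdict(lambda: {"count": 0, "interfaces": set()})
    for ip, iface, mac in parse_arp_duplicate_events(log_text):
        if ip != gateway_ip:
            continue  # a conflict on another host's IP is not a gateway spoof
        seen[mac]["count"] += 1
        seen[mac]["interfaces"].add(iface)
    return {mac: info for mac, info in seen.items() if info["count"] >= threshold}


if __name__ == "__main__":
    for mac, info in find_gateway_spoofers(SAMPLE_LOGBUFFER, "192.168.1.1").items():
        print(f"{mac}: {info['count']} gratuitous ARPs via {sorted(info['interfaces'])}")
```

Feed it the output of display logbuffer saved to a file and set gateway_ip to the VLANIF address; a MAC that appears on several interfaces usually means the source sits behind a downstream switch.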
