Setting a default gateway which is on a different subnet

I work in a company which uses 3 subnets: 10.0.0.0/16, 10.1.0.0/16 and 10.2.0.0/16. The 3 subnets are connected using layer 3 switches (10.0.100.200, 10.1.100.200, 10.2.100.200). All of the machines on each subnet use the layer 3 switch as their default gateway, which then directs the traffic to the real gateway, which currently is 10.1.0.2.

I have recently configured a new gateway on 10.0.0.1, and have begun testing this new gateway. For my client machines on the 10.0.0.0/16 subnet this is not an issue: I simply changed the default gateway assigned via DHCP to these machines to the new address, and the traffic went out through the new gateway instead of going to the layer 3 switch.

I want to test this on another site as well, as we have different teams in each building who need access to different websites, and I want to make sure before we switch everything over that each team can access what they need to do their work.

So on a Windows workstation on the 10.2.0.0/16 network I tried setting the default gateway of the machine to 10.0.0.1. I checked where the traffic went and it still went out through the old gateway (using tracert to 8.8.8.8 it gets there but through the old gateway; using tracert 10.0.0.1, it reaches 10.0.0.1). I believe the default gateway setting is being overridden by the static route table on the layer 3 switches.

I'm trying to figure out if it is possible to set a static route on the machines in question so they can direct their gateway traffic to 10.0.0.1 and avoid it being overridden by the layer 3 switches.

I used:

route add 0.0.0.0 mask 0.0.0.0 10.0.0.1 if 0x2

This was accepted by Windows, but repeating my tracert tests the traffic still goes out through the old gateway. I was hoping I could do:

route add 0.0.0.0 mask 0.0.0.0 10.0.0.1 if 0x2
route add 10.0.0.1 mask 0.0.0.0 10.0.100.200 if 0x2
route add 10.0.100.200 mask 0.0.0.0 10.2.100.200 if 0x2

But this also failed. Running the second and third commands, Windows reported:

The route addition failed: The specified mask parameter is invalid. (Destination & Mask) != Destination.

So I know the commands I am running won't work, but is it possible to force Windows to direct its traffic through the layer 3 switches to my new gateway or am I on a fruitless search?

If I need to alter the static routes on the layer 3 switches I don't mind doing this; I have a maintenance window planned on Sunday anyway, so I can do some tinkering then. I would rather not do this during working hours, for obvious reasons.

Just to clarify the links between sites, each layer 3 switch has the following connections:

gateway     , fibre link 1, fibre link 2
10.0.100.200,             , 192.168.10.1
10.1.100.200, 192.168.20.1, 192.168.10.2
10.2.100.200, 192.168.20.2,

So in order for my traffic to get to 10.0.0.1 from 10.2.249.28 (my testing machine) it needs to go through 10.2.100.200 > 192.168.20.1 > 192.168.10.1 > 10.0.0.1

The layer 3 switches in question are Netgear FSM7326P and GSM7328FS.

If, as I am starting to suspect, I cannot do this by setting the static routes within Windows, is it possible to define a static route for individual IP addresses on the layer 3 switches? Since I am currently testing, I only want traffic from the 3 or 4 machines I will configure for testing to go through the new gateway for now. I want all the other traffic to continue to flow as before.


A default gateway on a system defines which address on its local broadcast domain to send data for addresses which lie outside the directly connected subnets. Since 10.0.0.1 is outside of 10.2.0.0/16, a host on 10.2.0.0 still needs to know which address within 10.2.0.0 to send the packets to in order for it to be forwarded. Once the packet hits the gateway within 10.2.0.0, then it's up to that gateway how to handle it.

Creative static routes based on access control lists may be possible, depending on your networking gear.

In my opinion, your best bet would be to connect the new router/gateway (10.0.0.1) to the other subnets. Depending on the hardware you are using, you can accomplish this with either additional physical links or a mutually compatible trunking protocol. Once you have your new gateway connected to all three subnets, you will be able to manually connect the other computers to test.

That said, I'm confused as to what exactly you're testing that requires all three of these /16s to be able to choose multiple gateways. If you just want to make sure it works, your initial subnet test seems to confirm that.
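
The two conditions at play in this thread, as an added example that is not part of the original question or answer: the `(Destination & Mask) == Destination` rule quoted in the Windows error, and the answer's point that a next hop must sit inside a directly connected subnet. The function names are hypothetical, the interface is assumed to be the question's test host 10.2.249.28 on 10.2.0.0/16, and the checker only evaluates the command text; it does not claim to reproduce how Windows itself treats an off-subnet gateway.

```python
import ipaddress

# Assumption: the test host from the question, 10.2.249.28 on 10.2.0.0/16.
LOCAL_IFACE = ipaddress.ip_interface("10.2.249.28/16")


def parse_route_add(cmd):
    """Parse 'route add <dest> mask <mask> <gateway> [if <idx>]' into (dest, mask, gw)."""
    tok = cmd.split()
    if (len(tok) < 6 or [t.lower() for t in tok[:2]] != ["route", "add"]
            or tok[3].lower() != "mask"):
        raise ValueError("unsupported syntax: " + cmd)
    return tuple(ipaddress.IPv4Address(tok[i]) for i in (2, 4, 5))


def check_route(cmd, iface=LOCAL_IFACE):
    """Return a list of problem labels for one route; an empty list means none found."""
    dest, mask, gw = parse_route_add(cmd)
    problems = []
    # The rule from the Windows error: destination bits outside the mask must be zero.
    if int(dest) & int(mask) != int(dest):
        problems.append("mask-mismatch")
    # The answer's point: the host can only hand packets to a next hop that lies
    # inside a subnet it is directly connected to.
    if gw not in iface.network:
        problems.append("gateway-off-link")
    return problems


# The three commands from the question, plus one constructed command that uses
# the local layer 3 switch (10.2.100.200) as the default gateway.
COMMANDS = [
    "route add 0.0.0.0 mask 0.0.0.0 10.0.0.1 if 0x2",
    "route add 10.0.0.1 mask 0.0.0.0 10.0.100.200 if 0x2",
    "route add 10.0.100.200 mask 0.0.0.0 10.2.100.200 if 0x2",
    "route add 0.0.0.0 mask 0.0.0.0 10.2.100.200 if 0x2",  # constructed
]

if __name__ == "__main__":
    for c in COMMANDS:
        print(c, "->", check_route(c) or "ok")
```
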