How to configure static route on Cisco IOS Router

(Rene Molenaar) #1

This topic is to discuss the following lesson:

(RAJAGOPAL K) #2

Hello Renne,

What does " 2.0.0.0/24 is subnetted, 1 subnets" mean in below output?

********

Branch#show ip route 
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1,
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, FastEthernet0/0
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, FastEthernet1/0
(Rene Molenaar) #3

Hi Rajagopal,

2.0.0.0 /8 is a class A network and 2.2.2.0 /24 is a “subnet” of this class A network.

The routing table will always show the class A network address (2.0.0.0 /8) and the subnets below it (2.2.2.0 /24).

Hope that helps!

Rene

(Ranjitha P) #4

How could you find the current non-used IP addresses in your LAN?. Is it safe to take any of them?

 

(Rene Molenaar) #5

When you assign static IP addresses to devices then you should always keep track which devices are using which IP addresses. Otherwise you might find yourself one day assigning duplicate IP addresses to your devices.

If you want to find all devices in your LAN then you could try a tool like “nmap” (network scanner).

(Veeral K) #6

Hi Rene

I set up a simple network PC1 <-> R1 <-> R2 <-> PC2
All the static routes are implemented, pings work from PC1 to PC2. However when i do a trace from PC2 to PC1 or vice versa, I always get the (ICMP type:3, code:3, Destination port unreachable) at the end of the route hop.

PC2&gt; trace 192.168.1.1
trace to 192.168.1.1, 8 hops max, press Ctrl+C to stop
 1   192.168.2.254   10.000 ms  9.000 ms  10.001 ms
 2   192.168.12.1   20.001 ms  20.001 ms  19.001 ms
 3   *192.168.1.1   31.002 ms (ICMP type:3, code:3, Destination port unreachable)

I know that the trace was successful, but why does it say Destination port unreachable ?

Thanks,
Veeral

(Rene Molenaar) #7

Hi Veeral,

I guess you are using the virtual PC in GNS3? I believe it has some bug that it doesn’t like UDP traceroute (the default). You can try TCP to see if it works. Normally a type 3 / code 3 means that the destination host is not reachable.

Rene

(Zoheb S) #8

When I ping 1.2.3.1 from headquarters, I get 0 success rate. Am I doing something wrong?

(Andrew P) #9

If you paste your router configs in a reply, we can help you track down what is wrong.

1 Like
(Matt W) #10

Hi Rene,

Another website I was looking at suggested the following:

ip route 192.168.1.0 255.255.255.0 serial0/2 - Local (outbound) interface can be used ONLY on point-to-point basis.

ip route 192.168.1.0 255.255.255.0 10.1.1.1 - The next hop router’s IP address CAN be used on Point-to-point links but MUST be used on multiaccess links.

What is meant by this? Is there a hard and fast rule that must be used when deciding to use the router’s exiting interface name instead of the next hop address?

My home router has the gateway of last resort as:

ip route 0.0.0.0 0.0.0.0 Dialer0

Could I instead use:

ip route 0.0.0.0 0.0.0.0 x.x.x.x where x is the ISP’s gateway.

What are the advantages/disadvantages?

Cheers,

Matt.

(Emmanuel U) #11

Hi,
Please i need your help
i have a VSAT connection to the internet but am unable to to make it work with my cisco router 1900 series.
i have configure the LAN interface with ip address of 192.168.1.254 255.255.255 and the dhcp enable and it is working
but couldn’t configure it to connect to the internet through my WAN interface.
these are the configuration of the VSAT modem 197.242.251.152/29
modem ip address is 197.242.251.153
default gateway 197.242.251.153
subnet mask 255.255.255.248
Usable ip address 197.242.251.154 to 197.242.251.158

If i connect my laptop directly to the modem i can browse because the modem automatically assign a public ip address to to the laptop.
please i need your help

(Andrew P) #12

Have you configured your Cisco router to do NAT?

(Rene Molenaar) #13

@Matt

Both will work but there is an important (performance) difference between the two. Let’s say we are using Ethernet. Here’s the first static route:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

When your router wants to forward a packet that has matched this default route then it has to put the packet in a L2 frame. It checks the next hop address, does an ARP request, gets a reply and is able to forward the packet. Life is good.

Here’s another static route:

ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/1

This time we use an interface as the next hop. When your router wants to forward a packet with the interface as next hop then it has no idea what to use as the destination MAC address in the L2 frame. Ethernet is multi-access so that means there could be more than one device on the other end.

If you use a static route like this then the router will assume that the destination address in your packet is DIRECTLY CONNECTED to that Ethernet interface. This means that it will do an ARP request for each and every packet that it tries to deliver.

You can see it in action here:

R1(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/1

R1#debug arp
ARP packet debugging is on
R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

&#42;Mar 31 06:43:14.464: IP ARP: creating incomplete entry for IP address: 2.2.2.2 interface GigabitEthernet0/1
&#42;Mar 31 06:43:14.465: IP ARP: sent req src 192.168.1.1 fa16.3ecf.35bc,
                 dst 2.2.2.2 0000.0000.0000 GigabitEthernet0/1.
R1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

&#42;Mar 31 06:44:33.295: IP ARP: creating incomplete entry for IP address: 3.3.3.3 interface GigabitEthernet0/1
&#42;Mar 31 06:44:33.296: IP ARP: sent req src 192.168.1.1 fa16.3ecf.35bc,
                 dst 3.3.3.3 0000.0000.0000 GigabitEthernet0/1.

It will work but it’s a performance killer. Keep in mind this is only a problem on multi-access interfaces.

On serial interfaces (or other point-to-point interfaces) this doesn’t matter since there is only one device on the other end. Your dialer interface is also point-to-point. Configuring the IP address of the ISP will also work but it won’t matter.

Hope this helps!

Rene

(florian k) #14

Hi rene, when is it the right situation to use both, the outgoing interface and the next hope in a route?
I have read that if e.g. the outgoing interface fails but the next hop is still recursive the route still works and stays in the routing table.
But are there situations where one would use both??? Or is it a rule of thumb to use the Interface on p2p and next hope on broadcast interfaces?

Thanks florian

(Rene Molenaar) #15

Hi Florian,

In my reply above yours, you can see the example why it’s a bad idea to use an interface as the next hop for multi-access interfaces (like Ethernet). It’s best to stick to IP addresses as the next hop.

For point-to-point interfaces, it doesn’t matter much. Sometimes it can be useful to use the interface as the next hop since you don’t always have the next hop IP address right away (for example with PPP connections).

Rene

(florian k) #16

hi rene,

thanks for your reply!

in your post above you mention that it would work if you specify only the interface for a multi-access network but obviously it is a performance killer.
but it would only work if the other router connected to that interface has proxy-arp configured, right? as otherwise there would not be any arp response packet coming back!?

and do you know of any use case to specify both, the interface and the next-hop in a static route?

thanks

florian

(florian k) #17

Do you know what i mean?

(Andrew P) #18

Florian,
In the case of a point-to-point link, it is always sufficient to specify the outgoing interface. In the case of a broadcast/multi-access interface (like Ethernet), Cisco’s best practice is to specify BOTH the interface AND the next hop IP address. While in most cases, you can get away with using only the next-hop IP, there are a few circumstances where this can result in unexpected behavior. Cisco has a pretty good article explaining how you can get into trouble without specifying both here:

http://www.cisco.com/c/en/us/support/docs/dial-access/floating-static-route/118263-technote-nexthop-00.html

The take away from the article is this:

Conclusion

Cisco highly recommends that you specify the outbound interface and the next hop IP address when you configure static routes. When the outbound interface is a point-to-point type of link (for example, a serial link), the specification of the next hop address is not needed.

(Matt W) #19

Hi Andrew. So what you’re trying to say is that with P2P links since there is only destination, it is satisfactory to only define the exit inerface for any packets. With a broadcast/multi-point interface there is more than one destination option so both the interface and the next hop IP address should be defined.

(Andrew P) #20

Correct!