How to configure static route on Cisco IOS Router

Hello,
I have a problem with a static route. I can't connect directly to the default gateway.
How do I connect to the gateway through a LAN (switch) and WAN (router)?
Thanks


Router:

interface GigabitEthernet0/2
 ip address 46.xxx.xxx.10 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/3
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/3.11
 encapsulation dot1Q 11
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/3.12
 encapsulation dot1Q 12
!
ip default-gateway 46.xxx.xxx.9
!
ip route 0.0.0.0 0.0.0.0 46.xxx.xxx.9

Switch:

interface FastEthernet0/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 11
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 12

Hi Laz,

Thanks! The PBR solution looks the simplest of the two options. However, I have to say we are already using this port elsewhere on the network.

I did look at the EEM solution; however, I'm facing some challenges with the scripting language (Tcl).

First of all, I can create an extended ACL and provide the FQDN as the destination IP. However, the Layer 3 Core switch converts this to the matching IP address (ip name-server has been specified in the config) and it enters this IP as a static entry in the ACL.

I would like to implement the PBR solution but instead of filtering based on the FIX Port I would like to filter on the FQDN (specify it as the destination host in the ACL). I have even tried creating a variable (by enabling shell processing) with the value being the FQDN. However, once again, the Layer 3 switch converts it to the matching IP address and enters it as a static entry.

I would like to configure an EEM script that does the following:

  • Clear the local host cache on the Layer 3 switch (clear host)
  • Ping the FQDN to force the switch to go out to the DNS server for name resolution (ping FQDN)
  • Place the above result in a variable
  • Put the static IP listed in the ACL for the FQDN in a variable
  • Compare the above 2 variables
  • If they are different, then update the ACL dynamically by removing the ACL entry and then re-adding it with the current IP for the FQDN

Below is my attempt to write the EEM script to do the above. However, I'm not so good with the Tcl language used to write these scripts and so don't know how to put the static IP in the ACL in a variable.

event manager applet CHECK-DNS-FixDropCopy
 event timer watchdog time 30
 action 1.0 cli command "enable"
 action 1.1 cli command "clear host"
 action 1.2 cli command "ping FixDropCopy.local"
 action 2.0 regexp "ICMP Echos to (.*), timeout is 0 seconds:" "$_cli_result" _match_ip
 ** Need to put the static IP in the ACL in a variable at this stage **
 action 3.0 if $_ip ne Variable containing static IP in ACL
 action 4.0 cli command "configure terminal"
 action 4.1 cli command "FIXVAR="
 action 4.2 cli command "FIXVAR=$_ip"
 action 5.0 cli command "ip access-list extended FIX"
 action 5.1 cli command "no 10"
 action 5.2 cli command "10 permit ip host 10.1.0.50 host $FIXVAR"
 action 5.3 cli command "end"
 action 5.4 cli command "wr mem"

Note: Fixdropcopy.local is just an example FQDN and not the actual FQDN.

I would really appreciate it if you could show me how to put the static IP in the ACL in a variable, or maybe you would go about it in another way.

Many Thanks for your help Laz!

Regards

Akhas

Hello Matdan

There are a few discrepancies between your diagram and your configuration. I assume that the diagram has some typos:

  1. On the diagram you have VLAN 1 and VLAN2, but according to the config, these should be VLAN11 and VLAN12.
  2. On the diagram, the interface of the router pointing to the DSL modem is G0/3, but in the config it is G0/2.

In both cases I will assume the configurations are correct.

Now the server has an IP address of 46.x.x.11/29. In order for the server to reach the Internet, it must be configured with a default gateway. The default gateway must be in the same subnet as the IP address of the server. Based on the topology, the default gateway should be the subinterface G0/3.12, however there is no IP address configured on that interface. Therefore the server has no way to communicate outside of its own subnet.

Secondly, you have an IP address of 46.x.x.10/29 on the G0/3 interface of the router and 46.x.x.9 on the interface of the DSL modem. This IP address is in the same subnet as the server. This is not an acceptable addressing scheme. Every interface (or subinterface) on the router must have an IP address in a different subnet.

Therefore, in order to fix the topology you must:

  1. Define two separate subnets, one for VLAN 12 where the server resides, and one for the link between the router and the DSL modem.
  2. Assign G0/3.12 with an IP address in the same subnet as that of the server
  3. Set the default gateway of the server to the IP address on the G0/3.12 interface

An example of a correct configuration would be:

  1. IP address of server: 46.x.x.5/29
  2. IP address for G0/3.12 interface of router 46.x.x.6/29
  3. Default gateway for server 46.x.x.6

In this example, the subnet used for the server and the G0/3.12 interface is different than that used on the G0/2 interface of the router, which is an acceptable addressing scheme.

I hope this has been helpful!

Laz
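The two checks in this reply (the server's gateway must sit in the server's own subnet, and no two router links may share a subnet) can be run mechanically before anything is typed into the router. The Python script below is an added example, not code from this thread or from NetworkLessons. Because the post masks its public addresses as 46.x.x.x, the script substitutes the documentation range 203.0.113.0/24 for them; those addresses, the interface names and the two topologies are constructed samples that mirror the posted config and the corrected scheme above.

```python
import ipaddress
from itertools import combinations

# Constructed sample values: the post masks its public addresses as 46.x.x.x,
# so 203.0.113.x (a documentation range) stands in for them here.


def gateway_reachable(host_cidr: str, gateway: str) -> bool:
    """A host can only ARP for a gateway that lies inside its own subnet."""
    host = ipaddress.ip_interface(host_cidr)
    return ipaddress.ip_address(gateway) in host.network


def overlapping_links(links: dict) -> list:
    """Return name pairs whose subnets overlap. Entries with no address
    (value None) are skipped. Any pair returned is a misconfiguration,
    because each router (sub)interface needs its own distinct subnet."""
    nets = {n: ipaddress.ip_interface(c).network for n, c in links.items() if c}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def audit(server_cidr: str, server_if: str, router_links: dict) -> list:
    """Apply the two checks from the reply and return a list of problems.

    server_cidr  - the server's address, e.g. '203.0.113.11/29'
    server_if    - the router subinterface on the server's VLAN
    router_links - {interface: 'addr/len' or None if unnumbered}
    """
    problems = []
    gw = router_links.get(server_if)
    if gw is None:
        problems.append(f"{server_if} has no IP address, so the server has "
                        f"no usable default gateway")
    elif not gateway_reachable(server_cidr, gw.split("/")[0]):
        problems.append(f"{server_if} ({gw}) is not in the server's subnet "
                        f"{server_cidr}")
    # The server's subnet may only be shared with its own VLAN interface;
    # it must not collide with any other link on the router.
    others = {n: c for n, c in router_links.items() if n != server_if}
    for a, b in overlapping_links({**others, "server VLAN": server_cidr}):
        problems.append(f"overlapping subnets: {a} and {b}")
    return problems


# The topology as posted: G0/3.12 unnumbered, server in the same /29 as G0/2.
BROKEN = dict(
    server_cidr="203.0.113.11/29",
    server_if="G0/3.12",
    router_links={"G0/2": "203.0.113.10/29",
                  "G0/3.11": "192.168.1.1/24",
                  "G0/3.12": None},
)

# The corrected scheme from the reply: server and G0/3.12 in their own /29.
FIXED = dict(
    server_cidr="203.0.113.5/29",
    server_if="G0/3.12",
    router_links={"G0/2": "203.0.113.10/29",
                  "G0/3.11": "192.168.1.1/24",
                  "G0/3.12": "203.0.113.6/29"},
)

if __name__ == "__main__":
    for name, topo in (("posted", BROKEN), ("corrected", FIXED)):
        print(name, audit(**topo) or ["ok"])
```

Running it reports two problems for the posted topology (no address on G0/3.12, and the server's /29 colliding with the G0/2 link) and none for the corrected one.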

Hello Akhas

It looks like you’re making some progress with EEM. In order to achieve what you need, you can use the following command:

action 2.1 regexp "([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)" "$_cli_result" fqdn_ip_address

Note here that

  • regexp is the command that fetches the output and, using the parameters in brackets, extracts the IP address
  • $_cli_result is a built-in variable that stores the output of the CLI
  • fqdn_ip_address is the variable in which the IP address in the output of the CLI is stored

Now you can try to use the timer feature so that the series of commands is run every X seconds, or you can create a loop using the “while” command which will continue to run every X seconds until a change is detected. Once detected, you can rerun the command again.

Try to experiment with the above, and let us know your results. If you need additional help of course let us know!

I hope this has been helpful!

Laz
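As an added illustration (it is not part of Laz's reply, Akhas's script or any Cisco tool), the Python script below does offline what the EEM applet is meant to do on the switch: extract the resolved address from the ping output, read the current destination host out of the numbered ACL entry, and produce the ACL update only when the two differ. The ping and show ip access-lists output are constructed samples, FixDropCopy.local is the thread's own example name, and the 192.0.2.x addresses are placeholders. It also shows why the pattern is worth anchoring on the "ICMP Echos to" text: when IOS resolves a name it first prints a "Translating ... domain server (a.b.c.d)" line, so a bare dotted-quad regexp captures the DNS server's address rather than the host's.

```python
import re

# Capturing pattern for a dotted quad, the same shape as in the reply above.
IPV4 = r"([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"

# Constructed sample of IOS 'ping <fqdn>' output; 192.0.2.x are placeholders.
PING_OUTPUT = """Translating "FixDropCopy.local"...domain server (192.0.2.53) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
"""

# Constructed sample of 'show ip access-lists FIX' with a stale destination host.
ACL_OUTPUT = """Extended IP access list FIX
    10 permit ip host 10.1.0.50 host 192.0.2.10
    20 deny ip any any
"""


def first_ip_unanchored(text):
    """What a bare dotted-quad regexp returns: the first address in the
    output, which after a name lookup is the DNS server, not the host."""
    m = re.search(IPV4, text)
    return m.group(1) if m else None


def resolved_ip(ping_output):
    """Address the router actually pinged, anchored on 'ICMP Echos to'."""
    m = re.search(r"ICMP Echos to " + IPV4, ping_output)
    return m.group(1) if m else None


def acl_entry_hosts(acl_output, seq):
    """(source, destination) of the 'permit ip host A host B' entry with the
    given sequence number, or None if that entry is absent."""
    m = re.search(rf"^\s*{seq} permit ip host {IPV4} host {IPV4}",
                  acl_output, re.M)
    return (m.group(1), m.group(2)) if m else None


def sync_commands(ping_output, acl_output, acl="FIX", seq=10):
    """Return the IOS configuration lines that would refresh the entry,
    or [] when the ACL already carries the resolved address."""
    current = acl_entry_hosts(acl_output, seq)
    resolved = resolved_ip(ping_output)
    if current is None or resolved is None:
        raise ValueError("could not parse the ACL entry or the ping output")
    src, dst = current
    if dst == resolved:
        return []
    return [
        f"ip access-list extended {acl}",
        f"no {seq}",
        f"{seq} permit ip host {src} host {resolved}",
        "end",
    ]


if __name__ == "__main__":
    print("unanchored match:", first_ip_unanchored(PING_OUTPUT))  # DNS server
    print("anchored match:  ", resolved_ip(PING_OUTPUT))          # pinged host
    for line in sync_commands(PING_OUTPUT, ACL_OUTPUT):
        print(line)
```

The compare-before-rewrite step matters operationally as well as for correctness: an applet that unconditionally removes and re-adds the entry every 30 seconds leaves a window in which the ACL has no permit line, whereas this logic touches the ACL only when the resolved address has actually changed.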

Hi

I want to understand the default network better.

Usually when I run show ip route, for example, I see the network 192.x.y.z announced by the default route 0.0.0.0.

What does it mean? Why are some networks announced by the default route?

Why must I use the default route?

Thanks so much

Hello Ugo

When you look at the routing table of a router, you will see something like this:

HQ#show ip route 
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 -IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C       1.2.3.0 is directly connected, FastEthernet1/0
     192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
S       192.168.1.0/25 [1/0] via 10.2.2.2
S       192.168.1.128/25 [1/0] via 10.3.3.2

When a packet arrives that has a destination IP address of 192.168.1.55, it will match the static route of 192.168.1.0/25 and will be sent to the next hop IP of 10.2.2.2 according to the routing table. Why?

Well, look at the routing table entry of 192.168.1.0/25. This can also be written as 192.168.1.0 255.255.255.128. This specifies an IP address range of 192.168.1.0 to 192.168.1.128. Now the destination IP address of 192.168.1.55 falls within this range, so the packet was routed.

What if a packet arrives with a destination address of 55.1.2.3? It is not in the range of any of the routing table entries, so it will be dropped… unless a default route is configured.

The default route, when configured, will route any packet that doesn’t find any match in the routing table, to a particular next hop that you define. This is done using the 0.0.0.0 0.0.0.0 designation.

In the same way that the 192.168.1.0 255.255.255.128 defines a specific range of addresses, 0.0.0.0 0.0.0.0 also defines a range. Specifically, 0.0.0.0 0.0.0.0 defines a range from 0.0.0.0 to 255.255.255.255. In other words, all of the IPv4 address space.

Essentially it defines a network address of 0.0.0.0 with a subnet mask of 0.0.0.0. If you use these values to calculate the IP address range defined by these using subnetting as defined in this lesson, you will find that this is indeed the case.

So if you define a default route like so:

HQ(config)#ip route 0.0.0.0 0.0.0.0 170.170.3.4

It will appear in the routing table like so:

HQ#show ip route 
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 -IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 170.170.3.4 to network 0.0.0.0

C       1.2.3.0 is directly connected, FastEthernet1/0
     192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
S       192.168.1.0/25 [1/0] via 10.2.2.2
S       192.168.1.128/25 [1/0] via 10.3.3.2
S*   0.0.0.0/0 [1/0] via 170.170.3.4

Here you can see that the network to which this route belongs is 0.0.0.0/0 which is all IPv4 addresses. If a packet doesn’t match any other routing table entry, this final default route entry will match all traffic.

I hope this has been helpful!

Laz

Hello Rene,
when a static route is configured like this: ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/1
How does the ARP process work if the destination address is not directly connected? The router does not forward broadcast ARP packets by default, as far as I know! It only forwards them when proxy ARP is enabled.

Hello Mohammad

If the destination address is not directly connected, then a recursive lookup occurs. That means the destination address is looked up in the routing table again, and if a route for that address is found, the appropriate exit interface is used.

Now, if there is no route to that destination address, then indeed proxy ARP is used to discover it. Remember proxy ARP is enabled by default on most Cisco platforms. You can learn more about this feature here:

I hope this has been helpful!

Laz

Hello, good night everyone

I have a question for you guys. I have a Verizon ONT connection going to a Cisco 9320 on port 1/0/24 using a Cat6 cable. This port is set up for DHCP and will not be assigned a static public IP address. This is our main ISP, and I just want to know: if I use the command ip route 0.0.0.0/0 DHCP, would I be able to get out to the internet? I have NAT running both on the inside VLANs and on port 1/0/24.

Hello Rohan

The ip route 0.0.0.0 0.0.0.0 dhcp command will create a static default route using the next hop IP address that is received via DHCP. This is an acceptable way of configuring the default route of a particular device. Now this assumes that your ISP does indeed deliver a default route as part of its DHCP offering, beyond just an IP address. If that is the case, this should work just fine.

Take a look at this Cisco command reference for this particular command, and note the use of the dhcp keyword as well:
https://www.cisco.com/c/en/us/td/docs/ios/iproute_pi/command/reference/iri_book/iri_pi1.html#wp1037816

I hope this has been helpful!

Laz

Hi Rene,
in your example for best match:

Router#show ip route static 
     192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
S       192.168.1.0/24 [1/0] via 10.2.2.2
S       192.168.1.128/25 [1/0] via 10.3.3.2
S    192.168.0.0/16 [1/0] via 10.1.1.2

if a default gateway was configured, is it still going to forward it to 10.3.3.2?

Because as per my understanding, if a default gateway is configured, all traffic will be forwarded to it.

Kindly help me understand if I'm wrong.

Hello Abdullah

As in the lesson, we imagine that the router receives an IP packet with a destination IP address of 192.168.1.140. The best match based on this routing table above is 192.168.1.128/25 so the next hop IP is 10.3.3.2.

Now if a default route was configured, the result would be the same. Why? Because the default route, also known as the “gateway of last resort” will only be used if no other matches in any of the routing table entries have been made. Thus the term “last resort” in its name.

So the default route will be used as a “catch all” route that is applied only when no other matches in the routing table are found.

I hope this has been helpful!

Laz
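Both the explanation of 0.0.0.0 0.0.0.0 in the reply to Ugo above and the best-match answer to Abdullah here come down to one rule: the router picks the entry with the longest prefix that contains the destination, and 0.0.0.0/0 contains every address, so it can only win when nothing longer matches. The Python script below is an added example, not code from this thread or from NetworkLessons: it computes the address range a "network mask" pair covers, parses a routing table in the show ip route layout, and performs the longest-prefix lookup. The show ip route text is a constructed sample that merges the two tables quoted in the thread; IOS omits the mask on the "1.2.3.0 is directly connected" line, so the parser's default_prefixlen of 24 is an assumption used only for such lines.

```python
import ipaddress
import re
from collections import namedtuple

Route = namedtuple("Route", "code network next_hop")

# One route per line of 'show ip route' output: the code column, a prefix with
# an optional /length, then either '[AD/metric] via <next hop>' or
# 'is directly connected, <interface>'. Header and summary lines do not match.
ROUTE_RE = re.compile(
    r"^([A-Z]\*?)\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+"
    r"(?:\[\d+/\d+\]\s+via\s+(\d+\.\d+\.\d+\.\d+)|is directly connected,\s+(\S+))",
    re.M,
)

# Constructed sample merging the tables quoted in the thread, plus the default route.
SHOW_IP_ROUTE = """\
Gateway of last resort is 170.170.3.4 to network 0.0.0.0

C       1.2.3.0 is directly connected, FastEthernet1/0
     192.168.0.0/16 is variably subnetted, 3 subnets, 3 masks
S       192.168.1.0/24 [1/0] via 10.2.2.2
S       192.168.1.128/25 [1/0] via 10.3.3.2
S    192.168.0.0/16 [1/0] via 10.1.1.2
S*   0.0.0.0/0 [1/0] via 170.170.3.4
"""


def address_range(network, mask):
    """First and last address covered by a 'network mask' pair, e.g. the
    0.0.0.0 0.0.0.0 of a default route (which spans all of IPv4)."""
    net = ipaddress.ip_network(f"{network}/{mask}")
    return str(net[0]), str(net[-1])


def parse_routes(show_output, default_prefixlen=24):
    """Parse the route lines. default_prefixlen is an assumption applied
    only to lines where IOS prints no mask."""
    table = []
    for code, net, plen, via, iface in ROUTE_RE.findall(show_output):
        network = ipaddress.ip_network(f"{net}/{plen or default_prefixlen}")
        table.append(Route(code, network, via or iface))
    return table


def lookup(table, destination):
    """Longest-prefix match. Every entry containing the destination is a
    candidate; the most specific one wins, so 0.0.0.0/0 is chosen only
    when no other entry matches. Returns None if nothing matches."""
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in table if addr in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.network.prefixlen)


def next_hop(table, destination):
    """Next-hop address or exit interface for a destination, or None."""
    route = lookup(table, destination)
    return route.next_hop if route else None


if __name__ == "__main__":
    print(address_range("192.168.1.0", "255.255.255.128"))
    print(address_range("0.0.0.0", "0.0.0.0"))
    table = parse_routes(SHOW_IP_ROUTE)
    for dst in ("192.168.1.140", "192.168.1.55", "192.168.5.1", "55.1.2.3"):
        print(dst, "->", next_hop(table, dst))
```

With the default route present, 192.168.1.140 still goes to 10.3.3.2 via the /25, while 55.1.2.3 goes to 170.170.3.4; filter the /0 entry out of the table and the first lookup is unchanged but the second returns None, which is the "packet is dropped" case described in the reply to Ugo.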

Question, if “show ip route” shows the following where the route is configured as below i.e. same network having 2 destinations (via BGP), which route will it pick? Appreciate this is not a “static route” topic.

b       192.168.1.128/25 [20/0] via 10.3.3.2, 1w
b       192.168.1.128/25 [20/0] via 10.3.4.2, 1w

Thanks.

Hello Irfan

If this was your routing table, and both routes were installed with the same metric, then by definition, load balancing would take place between them. However, in order for this to happen, you must configure BGP multipath so that multiple BGP routes can be considered as the best paths. For more info on multipath, take a look at this lesson:

Once those BGP routes are considered equal, they are then installed in the routing table as you have shared in your post. When this occurs, load balancing will take place. How? This depends on the platform and IOS. If CEF is supported, then you can see how load balancing takes place in this NetworkLessons note.

Remember, load balancing will take place once there are two or more equal cost routes in the routing table. Once they're there, it doesn't matter what routing protocol was used to get them there, load balancing will take place. More information on how load balancing takes place once those routes are in the routing table can be found in this Cisco documentation:

Some additional information about the role of routing protocols and how the routing table is populated can be found at this NetworkLessons note.

I hope this has been helpful!

Laz


Hi, Rene,
I am using the "PNETlab" simulator for practicing these static route labs, but I don't know how to add a network into my topology, so I can't configure a static route for doing this lab. I tried to add a router as a network, but I failed. Could you show me how to add a network into the topology?

Hello Heping

I'm not quite sure what you are asking. If you want to know how to configure a device within the PNETLab environment, take a look at their documentation page, under the section "Working with PNETLab" on the left menu. If you want to know how to create network addressing on the routers that you have created in the topology, then you can follow the instructions in the lesson that show you the command line commands to use to assign IP addresses to the interfaces. If this is not answering your specific question, can you clarify what it is you are asking?

I hope this has been helpful!

Laz