Sunday, December 12, 2010

Lesson 33 - Static Routing

In the previous post I attempted to explain how a router selects the best route if there are multiple paths available. In this lesson, I'm going to show you how you can use static routes effectively in two different topologies (the second one uses backup links). You'll see how basic knowledge on route selection can come in handy if you plan on using primary and backup connections.

All Cisco routers have the routing capability turned ON by default. The command responsible for this is:

router(config)#ip routing

This allows a router to create and use the routing table the moment we enable and configure at least two interfaces.

Some subnets and networks are simulated by means of creating and configuring virtual interfaces (Loopback) in my topology.

Pic. 1 - Routing Topology 1

Icons designed by: Andrzej Szoblik -

Directly Connected Networks
In the topology used (pic. 1), the routers have been assigned IP addresses and the interfaces are up. Since the routing process is enabled (ip routing) the directly connected subnets/networks show in the routing table immediately. Look at R1's routing table:

Pic. 2 - Directly Connected Networks.

The problem is with the destinations that are NOT connected directly to a router (remote). A router does not know anything about these by default. There are two ways of "teaching" a router about remote networks or subnets:
  1. Applying static routing (manual method)
  2. Applying dynamic routing (a routing protocol that distributes information automatically)
Static Routing
There are pros and cons of using manual method. In complex scenarios (with redundant connections), more often than not, we use dynamic routing protocols. But there are situations in which static routing is good or perhaps the best solution.

Consider our example. R4 and R5 are connected to so called stub networks. A stub network has only one way in and out (one path). Some routers used in such designs are relatively cheap and may not even have enough hardware resources to run a dynamic routing protocol (such as OSPF or EIGRP). Then, installing static routes is the only option possible. Also, imagine your broadband router (your home network is also the stub-like if you're connected to one ISP). This router does not have the paths to each and every destination on the Internet. It uses a form of static route instead known as: default route. More on the default route later in the post.

Let's look at the syntax which allows us to instruct a router about remote networks and subnets manually.

Pic. 3 - Static Route Command Version 1.
Let's read what this command does. 
"IP route towards class C network can be reached by sending packets to a next-hop router out the serial0/2 interface."

The last parameter used shows the router which interface should be used to send the packets out. If you configure the outbound interface instead of the IP address of the next-hop router in the path, this connection must be point-to-point (not multiaccess).

In case, the router's egress (outbound) interface is multiaccess link (Ethernet, Frame-Relay, ATM etc.), we must NEVER use local interface but IP address of the next-hop router instead. If you do not follow this recommendation, the router will try to resolve the layer 3 to layer 2 address for every destination out that interface. This leads to serious inefficiency and shows little understanding of routing operation of a person who used it.

If the router must send the packet to the next router in order to get to the destination (egress interface is multiaccess), the 'ip route' command should look like the example below (pic. 4).

Pic. 4 - Static Route Command Version 2.
Let's configure our routers so they can reach all networks int the topology used (pic. 1).

The routing works in both directions. This means that the router receiving packet to its directly connected network/subnet must know the returning path to the sender of the packet (source).

Configuration on R1

Step 1
Reachability towards The next-hop router is R2. The outbound interface is multiaccess link (F1/0). The order of statements does not matter. Configuring the remaining routers I will use a more logical approach than on R1.

R1#configure terminal
R1(config)#ip route

Step 2
Reachability towards and The same egress interface (F1/0).

R1(config)#ip route
R1(config)#ip route

Step 3
Reachability towards The egress interface is point-to-point (S0/2 running HDLC protocol). I can use either the next-hop IP address or the local interface s0/2.

R1(config)#ip route s0/2

Step 4
In order to reach Branch2 network, R1 must use R2 as the gateway. Even though R2 does not know how to get there now, I will configure it and then configure R2 to reach all networks and subnets (including

R1(config)#ip route

Step 5
Reachability to the point-to-point subnet between R2 and R5 (

R1(config)#ip route

Now, let's see what the routing table reveals:

Pic. 5 - Routing Table of R1.

Before I proceed with the configuration of the other routers let's consider a few things.

Look at the R1's routing table and the topology carefully, and try to answer the following questions before you test the reachability using 'ping'. If you have problems answering the questions 1, the remaining ones (2-4) should give you a few hints.

Question 1
How many IP addresses presented in the topology (pic. 1) will respond to ping from R1 after you have configured static routes so far (only R1 is configured with static routes; all other routers have IP addresses and interfaces enabled)?

Question 2
R1 sends ping (echo request) towards What is going to be the source IP address of this request?

Question 3
R1 sends ping (echo request) towards Is R1 going to receive reply (echo reply)? Why?

Question 4
R1 sends ping (echo request) towards Is R1 going to receive reply (echo reply)? Why?

If you have answered them, check if you were right. The answers are as follows.

Answer 1
There are 11 IP addresses to respond to the ping sent by R1. These are:
  • - reason: directly connected subnet (Loopback 1).
  • through 3 - reason: directly connected subnet (F1/0).
  • and - reason: source IP address is the It's the egress interface to reach these two addresses (via F1/0). R3 knows how to get back to R1's F1/0 interface (R3's F1/0 is connected to too).
  • and - reason: R1 will use F1/0 (egress interface) to reach these IP addresses according to our 'ip route' statements. The source IP address is going to be the address of F1/0. R2 knows its way back to subnet (directly connected to F1/0).
  •, and - reason: R4 knows how to get back to the source IP address R1 uses for these destination. R1 uses as the source IP address. This source (subnet is shared between R1 and R4 on their Serial0/2 interfaces.
The reason I ask this question is to draw your attention to two important facts:
  • A router is going to find the best match in the routing table for each destination. If not found, of course the packet is dropped. If found though, a router will not change the source and destination addresses in packets TRAVERSING it. If the packet is ORIGINATED by the router (here: ping), the source of IP address used is going to be the address of its egress (outbound) interface by default.
  • Sending a packet out is one job, but the destination will try to send a response back to the source. The remote router which is going to respond, must know how to reach the source of the transmission as well (valid path back to the source in its routing table).
Answer 2
Ping from R1 towards is going to use as its source address since according to the routing table Serial0/2 is the outbound interface.

Destination shows the following detailed output on R1:

Pic. 6 - R1's Route Towards

The route shows that the longest match for is: This routing table entry points to Serial0/2 as an egress interface.

Answer 3
R1 sends the ping (echo request) packet towards Like explained in the answer 2, the source IP address for this echo request is going to be the address of the outbound interface (FastEthernet1/0). R2 knows how to reply back to since R2 is directly connected to the subnet with its FastEthernet1/0 interface.

Answer 4
R1 sends the ping (echo request) packet towards It is NOT going to get the reply from R5. The reason is that R5 does not know how to reply back to the source ( It has not been configured to reach remote subnets and networks yet.

I hope you have found this little quiz entertaining and informative enough.

Would you know how to configure R2 and R3 using R1's configuration as an example? Give it a try. If you can't do it yet, just follow the configuration presented below.

Configuration on R2

Step 1
Reachability to networks/subnets via R1.

R2#configure terminal
R2(config)#ip route
R2(config)#ip route
R2(config)#ip route

Step 2
Reachability to networks/subnets via R3.

R2(config)#ip route
R2(config)#ip route

Step 3
Reachability to network via R5.

R2(config)#ip route s0/2

Configuration on R3

Step 1
Reachability to networks/subnets via R1.

R3#configure terminal
R3(config)#ip route
R3(config)#ip route
R3(config)#ip route

Step 2
Reachability to networks/subnets via R2.

R3(config)#ip route
R3(config)#ip route
R3(config)#ip route

As for the routers R4 and R5 they connect stub networks. In order to simplify the configuration on these and reduce the number of entries on them, I am going to use a special type of static route called: the default route.

Pic. 7 - Default Route Example.

The destination IP address (unknown) represents all destination which cannot be found in the routing table. This address uses the network mask of all zeros ( As long as the router does not have the best match in the routing table for a given destination ('subnet not in table') the default route is going to be used instead. It is the 'gateway of last resort'. Like previously explained, on point-to-point links you can use the outbound interface instead of the address of the next-hop router.

Applying default routes is going to be easy.

Configuration on R4
Step 1
Packets for all unknown destinations send via R1.

R4(config)#ip route s0/2

Configuration on R5
Step 1
Packets for all unknown destinations send via R2.

R5(config)#ip route s0/2

Simple test will prove the default route operation:

Pic. 8 - Default Route Test.

Even though the routing table does not have the route towards, the packets are delivered using the default route (via R1 which knows how to get there).

Look what the routing table shows when default route has been added (pic. 9).

Pic. 9 - Routing Table with Default Route.

Static Routing with Primary and Backup Links
In order to spice things up, I am going to configure two additional connections from HQ to our branches using Frame-Relay. These redundant paths must be used as the backup links. They should be used in the case of losing main path via Serial0/2 interfaces (down).

Pic. 10 - Routing Topology with Redundant Paths.

Icons designed by: Andrzej Szoblik -

Please, disregard my configuration of Frame-Relay links for now. I'm going to address WAN protocols in the upcoming posts. I only need the extra connectivity to show you how to handle the primary and backup scenario using static routing.

Frame-Relay Configuration is going to look like this in order to reflect the topology in the pic. 10.

Circuit Between R1 and R5

R1 Configuration:
R1(config)#interface serial0/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no frame-relay inverse-arp
R1(config-if)#ip address
R1(config-if)#frame-relay map ip 105 broadcast
R1(config-if)#no shutdown

R5 Configuration:
R5(config)#interface serial0/0
R5(config-if)#encapsulation frame-relay
R5(config-if)#no frame-relay inverse-arp
R5(config-if)#ip address
R5(config-if)#frame-relay map ip 501 broadcast
R5(config-if)#no shutdown

Circuit Between R2 and R4

R2 Configuration:
R2(config)#interface serial0/0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no frame-relay inverse-arp
R2(config-if)#ip address
R2(config-if)#frame-relay map ip 204 broadcast
R2(config-if)#no shutdown

R4 Configuration:
R4(config)#interface serial0/0
R4(config-if)#encapsulation frame-relay
R4(config-if)#no frame-relay inverse-arp
R4(config-if)#ip address
R4(config-if)#frame-relay map ip 402 broadcast
R4(config-if)#no shutdown

Now let's get back to the business. If I add two static route entries using the newly created paths, the metric of each of them is going to be identical with the metric used by the primary link (Serial0/2). This way, load balancing (traffic sharing) is going to be used since two equal cost paths exist. Our design stipulates that Frame-Relay circuits should be used as the backup links only (Serial0/2 down).

In order to accomplish this, I should change either the metric or administrative distance of the backup path. Unfortunately, we cannot change the metric (no command available) on static routes, but we can easily increase the value of administrative distance to make the backup path less preferred. The default AD for static routes is 1, so I will make the backup route less trusted by using the value of, say, 3.

Backup Link Between R1 and R5

R1 Configuration:
R1(config)#ip route 3

R5 Configuration:

R5(config)#ip route 3
Backup Link Between R2 and  R4

R2 Configuration:
R2(config)#ip route 3

R4 Configuration:
R4(config)#ip route 3

This way, the primary link (via Serial0/2) is preferred due to the lower administrative distance (AD=1). Look at R4 now:

Pic. 11 - R4's Routing Table with Primary Link UP.

In case the primary link goes down, the extra ip route (using Frame-Relay link) kicks in like shown in the pic. 12.

Pic. 12. - R4's Routing Table with Primary Link DOWN.

In the few upcoming posts, I will focus in on dynamic routing protocols.


CCNA Basics | Cisco Advanced | Linux Last Update: 19/02/2019 - eBGP Peering CCNA Lessons: 01 - Connecting to Cisco Cons...