The network administrators use floating static routes to provide a backup path to a primary static or dynamic route in case of a link failure. The floating static route works only when the primary route is not available. The primary route may fail due to physical layer problems, a wrong configuration, or many other reasons. The router will choose the path with the lowest administrative distance if multiple routes are available to the destination. Remember that Administrative distance determines the trustworthiness of a route. If multiple paths exist to the destination, the router will choose the route with the lowest administrative distance value.
The default administrative distance of EIGRP is 90, so if we want to configure the floating static route for EIGRP routes, it must be configured with an administrative value higher than 90. If the floating static route is configured with a lower value than 90, the router will use that static route first.
In the figure above, the host has two paths to reach a web server.
Router3 has two default static routes configured, one with the default value of administrative distance and the other with an administrative distance of 3. Router3 typically sends data to the web server via Router1 because the static route pointing to Router1 is configured with the default AD value (1). The route pointing to Router2 is configured with an AD value of 3, so this is the static floating route.
When there is a problem in the first path, the router should automatically delete the first route from the routing table and add the floating static route in the routing table. So, the traffic will flow to the web server via the floating route. The administrative distance value of common protocol is the following:
Static – 1
EIGRP = 90
IGRP = 100
OSPF = 110
IS-IS = 115
RIP = 120
Configure Floating Static Route
We can configure the static route using the “ip route” command in global configuration. If the administrative distance is not specified, the default value is (1). For example, the above topology configures the default static route with its default administrative distance pointing to Fast Ethernet 0/0 of Router3. So, the static floating route should be configured using the following command in global configuration mode.
Router3 has a default static route pointing to Router1 with default administrative distance and a floating static route pointing to Router1 with an AD value of (3). So, this value is greater than the default value of 1, and, as a result, this route floats and is not present in the routing table unless the preferred route fails. So, we can use the “show ip route” command. The following image verifies the default route configured from Router 1 to Router 3 in the routing table. The floating route is not present in the routing table.
We can also verify the route using the “tracert and traceroute” command. I can verify the floating static route by disconnecting the cable between Router1 and Router3. Then, I can check Router3’s routing table. The figure below illustrates the routing table for removing the cable between Router3 and Router1.
A summary static route can be used to minimize the number of static routes in the routing table. Less routing table entries produce less CPU overhead and also provide better processing speed with faster routing table lookups.
Using summary static routes we can also make the management of a large number of static routes easy and less prone to errors. We use the summary static route when multiple networks point to the same exit interface or next hop. The Multiple static routes can be summarized into a single static route if:
The destination networks are adjacent and can be summarized into a single network address.
The multiple static routes all use the same exit interface or next-hop IP address.
In the figure, Router0 have configured four separate static routes to reach the 10.10.0.0/24 to 10.10.3.0/24 networks. All the networks are adjacent and also pointing to the same interface. So, we can configure a single route for all four routes.
Classless Inter-Domain Routing (CIDR) is a form of route summarization. In the route summarization, we should do super netting of all subnet that required route summarization.
Summary Static Route Calculations
Let us calculate the summary static route for the routes mentioned in the above topology. First list all networks in binary format, the figure below illustrates all networks in binary formats.
Now count the common bits from left to right to determine the mask for the summary route. We highlight the matching bits in the figure below. This is the prefix for the summarized route: /22 or 255.255.252.0.
Copy the matching bits, and then add zero into the position of the remaining bits to determine the summarized network address. As shown in the figure below, we summarized networks into a single network address 10.10.0.0/22.
So, now we can summarize the four configured routes Router1 into only one summary route for all four networks. The summary route 10.10.0.0/22 has included all four networks.
The figure below illustrates the stub network and a default route connection. Router0 is a stub router because there is only one path towards a destination network. Any network connected to this router would be a stub network. This means that the local network of switch1 is a stub network, and Router 1 is a stub router. So, running a routing protocol between Router0 and Router1 is a waste of resources.
So, we can configure a static route between both routers. Router1 has only one way to the destination network, so we can also configure the default route on Router 1 to point to Router2 as the next-hop address for all other networks. Both IPv4 addresses and IPv6 addresses support the configuration of static routes. Static routes are very useful when connecting to a specific remote network.
The procedure for transferring data between different networks is called routing. It is the foundation of every data network. The routers are responsible for transferring data from one network to another network. It is learning about remote networks using two ways:
Static Routing—The network administrator manually adds remote networks to the routing table to reach a specific network. The static routing protocol cannot be updated dynamically.
Dynamic Routing Protocols -Remote routes are automatically learned using a dynamic protocol. The route uses a dynamic routing protocol that automatically updates its table when changes occur in the network. It does not need any configuration in case of changes in the network topology.
Routers can also use both static and dynamic routing protocol methods simultaneously. Static routes do not require the same processing and overhead as dynamic routing protocols.
Static routing is possible for smaller networks with only one path to an outside network. However, static routing is too difficult with a large network, so we can easily use a dynamic routing protocol.
Most networks use a combination of dynamic routing protocols and static routes for better results and multiple paths to a destination network via static routes and dynamically learned routes.
But, a static route’s administrative distance (AD) is 1. So, a static route will take priority over all dynamically learned routes. Following are the key advantages and disadvantages of both routing types.
Advantages of Static Routing
Static routes do not advertise their routing table over the network, resulting in better security.
Using static routes requires less bandwidth than dynamic routing protocols, and no CPU cycles are used to calculate and communicate routes.
The static route sends data to a known path.
Disadvantages of Static Routing
Configuration and maintenance need more time and ability.
When a change occurs in the network topology, it must be reconfigured manually.
There is a higher chance of the wrong configuration in large networks.
Requires whole network knowledge for proper implementation.
The complexity increased with the growth of the network. So, maintenance becomes problematic.
Advantages of Dynamic Routing
Easy to configure, also easy to maintain.
When changes occur in the network topology, the dynamic protocol does not need further configuration.
There are very few chances of the wrong configuration in a large network.
With the growing network, maintenance is not as tricky as static routing.
Whole network knowledge is not required for maintenance.
Disadvantages of Dynamic Routing
Dynamic routes advertise their routing table over the network, resulting in a security hazard to the network.
The dynamic routing protocol requires a continuous handshake between each router, so it requires more bandwidth.
The path for sending data using a dynamic routing protocol is not known.
In the earlier networking period, the Layer 2 switch was the fastest device for forwarding data, just as data was physically received and forwarded onto other ports. The router was comparatively slow in the process.
The network engineer thinks about extending the switch portion into access, distribution, and core layers as much as possible. When they extended the layer 2 switches to these layers, they created loop issues.
To solve this problem, the engineers used the spanning-tree protocol, which still enables flexibility and redundancy in inter-switch connections. With the development of technologies, routers became faster and cheaper, so routing became possible at wire speed.
Therefore, the router has transferred to the core and distribution layers without affecting the network’s performance. The users are distributed into separate VLANs and subnets, and the network engineers start configuring the distribution swathes as layer 3 gateways for the users of access switch VLANs.
So, each distribution switch requires a unique IP address matching each access switch VLAN. The Layer 3 routed ports are used between the distribution and the core layer switch. The engineers are not dependent on the spanning tree protocol because there are no physical loops in the layer 2 portion of the topology.
We can configure a switch virtual interface (SVI) for both a multilayer switch and a Layer 2 switch for a VLAN that exists on that switch. However, only the multilayer (layer 3 supported) switch can do inter-VLAN routing.
The Switch Virtual Interface is not a physical port; therefore, it’s called a virtual interface. It functions on a multilayer switch like a router interface and can be configured similarly.
The SVI provides layer 3 processing for packets to all associated hosts of that VLAN. Whenever you want to configure the SVI, ensure that the particular VLAN exists on the switch.
In the figure above, the switch must have VLAN 100 and VLAN 200 in the VLAN database; if not, the SVI interface stays down. We required SVI for the following reasons.
To offer a gateway for a VLAN.
Providing Layer 3 IP connectivity to the switch
To support routing protocol and bridging configurations
The topology consisting of two VLANs required inter-VLAN routing using a switch virtual interface (SVI). The configuration steps are the following.
We enable routing on the switch using “IP routing.” If routing is not enabled on the switch, we can’t communicate with other VLANs. With this command, the switch builds its routing table over the IP address information on its virtual interfaces.
We can verify the IP routing configuration using the “show ip route” and “show startup-config” commands. The figure below illustrates the switch routing table.
As I said earlier, we can configure the switch virtual interface (SVI) interface for both Layer 3 and Layer 2 switches, but the difference is the “ip routing.” On layer 2 switches, we use the switch virtual interface (SVI) only for remote switch management.
We can verify the interface configuration by using the “show ip interface brief” command. Just like we use the command for router interface verification.
The command will show all ports and the switch’s virtual interface. We can also use the “show interfaces” command to see all ports and the VLAN interface. If we want the required interface, we can use the command with interface ID, such as, “show interfaces vlan 100”, this command will only display the settings of interface VLAN 100. For the other commands, you can read my earlier articles.
Advantages
The switch virtual interface (SVI) is faster than router-on-a-stick because everything is hardware switched and routed.
It does not require any external links from the switch to the router for routing.
In this method, the limitation of one link is over because we can use Layer 2 Ether Channels between the switches to get more bandwidth.
Disadvantages
The only disadvantage of layer 3 switches is that they are too costly.
The OSI model’s network layer (Layer 3) is responsible for packet forwarding between intermediate routers and different networks. The routers work in layer 3 of the OSI model, but usually, it’s seen that the routers are considerably slower than layer 2 switches.
Layer 2 switches cannot communicate in different networks because they cannot read a layer 3 packet. However, a layer 3 switch is a device that can read and forward traffic based on layer 3 information at a very high speed.
Layer 3 switches are essential in enterprise networks and are particularly designed for many subnets and virtual LANs. They are like high-speed routers without WAN connectivity.
It also acts as a switch because it connects devices on the same IP network or virtual LAN and performs at or near wire speed.
Usually, router-on-a-stick is a simple way to implement inter-VLAN routing because routers are mostly part of each network. However, most enterprise networks need high-speed packet processing.
To achieve this, they require high speed using multilayer switches. The Layer 3 switches generally give millions of packets per second (PPS) throughput. All Catalyst multilayer switches support the following Layer 3 interfaces:
· Routed port- The routed port is just like a physical interface on a Cisco Router.
· Switch virtual interface (SVI) is a virtual-routed interface for routing between different VLANs. It is also being used to connect the switch remotely.
All Layer 3 Cisco Catalyst switches can work as routers and support routing protocols, but numerous models of Catalyst switches require updated software for specific routing protocol features.
The catalyst 6500 and 4500 series approximately perform all functions of OSI layer 3 by default using hardware-based switching, but the catalyst 2960 series requires IOS release 12.2(55) or higher to support static routing.
The Catalyst 3560 and 45 series use the Layer 2 interface by default. The catalyst 6500 series uses Layer 3 interfaces by default. So, depending on the switch series, we can change the switch port between Layer 2 and Layer 3. We can change the switch port using the “switch port” and no switchport” commands in interface mode.
If you are using a legacy Inter-VLAN routing, ensure that switch ports connect to the router interface should be configured in the correct VLAN. This is a very common issue with a switch port and requires troubleshooting. If a switch port is not configured to correct VLAN, the devices on that VLAN cannot communicate outside its VLAN.
The figures below illustrate the switch port miss configurations. Figure 1 shows that host 1 is connected to switch0 port F0/1, part of VLAN 100, and switch port F0/2 is connected to Router interface F0/0, which is not part of VLAN-100.
Host 2 is connected to F0/6, and the Router0 interface F0/1 is connected to F0/10. Both F0/6 and F0/10 are part of VLAN 200. So host0 can send data up to the router, but the router cannot forward the data to host-1 because VLAN 100 is not physically connected to Router0. To resolve this problem, do the following on switch0.
Swithc>enable
Swithc#configure terminal
Switch(config)#interface FastEthernet 0/2
Switch(config-if)#switchport access vlan 100
Switch(config-if)#exit
Switch(config)#exit
Switch# write
Figure 2 also illustrates the problem with the switch port. The switch ports are properly configured, but we just connected the wrong switch port to the wrong router interface.
The figures show that F0/2 is part of VLAN 200, and interface F0/1 is configured for VLAN 200. However, we connect switch port F0/2 with router interface F0/1 instead. We also wrongly connected Switch port F0/2 instead of Switch port F0/10, so neither can send their data to Router0. To correct this problem, just connect F0/10 with router interface F0/1 and F0/2 with Router interface F0/0.
The topology in Figure 3 shows the router-on-a-stick routing model. But, the port connected to the router is not configured as a trunk. The port connected to the router for the traffic of multiple VLANs must be configured as a trunk.
But G0/1 on switch0 is not configured as a trunk and is in the default VLAN. Thus, the router cannot route between VLANs because each of its configured subinterfaces cannot send or receive VLAN-tagged traffic. To resolve this problem, configure G0/1 as a trunk.
Swithc>enable
Swithc#configure terminal
Switch(config)#interface G0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch# write
When the trunk is effectively established, devices connected to each VLAN can communicate with the subinterface assigned to their VLAN, enabling inter-VLAN routing.
The topology in Figure 3 shows the trunk link between Switches is configured but is going down, possibly due to a cable or the Router interface being shut down. There are no redundant connections or paths between these devices, so all VLANs are unable to communicate with each other.
Verify Switch Configuration
When a problem occurs, we can verify the switch configuration. We can use various verification commands to examine the configuration and identify the problem.
I have already explained these verification commands in the article Common Show Command – Cisco IOs, so follow these commands for verification. We can use the show interfaces interface-id switchport to check the port VLAN membership. We can also use show running-config command to check the switch port mode.
Troubleshooting Inter-VLAN Interface Issues
The most common interface issue using legacy inter-VLAN routing is connecting the physical router interface to the wrong switch port. Connecting the router interface in the incorrect VLAN causes traffic to reach the router and forward it to other VLANs.
This is the same problem as I discussed in the switch port issue. To correct this problem, no further configuration and testing are required. It only needs to place the cables correctly.
Verify Router Configuration – Interface Issues
The configuration of the Sub-interface with the wrong VLAN ID is one of the most common issues in the router-on-a-stick configuration. We can check interface issues using show commands.
The <show interfaces> and only the <show running-config>commands are useful in troubleshooting inter-VLAN routing problems. The figure below illustrates the <show interfaces> command output. The command produces a lot of output for all interfaces. However, as shown in the figure, you need to search for your required interface and required line.
We can just enter the command using the interface ID like <show interfaces fastEthernet 0/0.100>. Figure 2 illustrates the output of a command using interface ID.
We also use the <show running-config> command to check and verify the interface issues. The figure below illustrates the output of <show running-config> command. We can easily find the required information under the interface FastEthernet 0/0.100.
So, if we found the incorrect VLAN assignment into sub interface then we can correct this problem, to re-configure the subinterface into the correct VLAN using the <encapsulation dot1q VLAN ID> in subinterface configuration mode. We can address the problem by quickly verifying and allowing inter-VLAN routing to function properly.
IP Addresses and Subnet Masks Errors
Each VLAN requires unique subnets on the network. Each VLAN must be connected to the router for inter-VLAN routing. The VLANs can connect to the router using physical interfaces or subinterfaces. So, each interface or subinterface must be configured with a unique IP address of that subnet assigned to the VLAN.
This makes it possible for the devices on the VLAN to communicate with the router interface. The interface enables traffic routing to other VLANs connected to the router. The common issues of IP addressing errors are the following:
The router interface and subinterface have been configured with an incorrect IP address. The incorrect IP address on the interface prevents the VLAN hosts from being able to communicate with the router. Assign the correct IP address to the router interface using the command <ip address IP ADDRESS SUBNET MASK>. After correcting the IP address, the hosts on the corresponding VLAN can communicate with the router.
Some hosts on the VLAN cannot communicate with the router and verify their IP addresses. If the IP address is incorrect according to the subnet reserved and according to the address of the interface or subinterface, the hosts cannot communicate. Assign the correct IP address hosts on the VLAN.
Verifying IP Address and Subnet Mask Configuration Issues
Using the show commands, we can easily verify the IP address configuration for the router interface or subinterface. The figure below illustrates the output of <show ip interface brief> command. You can see the IP address assigned to each interface and subinterface here.
The <show running-config> command can also display the IP addresses assigned to the interface or subinterface. For reference see figure 2 above. Sometimes the IP address configuration of the host side is incorrect. For this, you should verify the configuration by using the <ip config/all> command in the command prompt of the operating system.
