The OSI model’s network layer (Layer 3) is responsible for packet forwarding between intermediate routers and different networks. Routers work at Layer 3 of the OSI model, but they are usually considerably slower than Layer 2 switches.
Layer 2 switches cannot forward traffic between different networks because they cannot read a Layer 3 packet. However, a Layer 3 switch is a device that can read and forward traffic based on Layer 3 information at a very high speed.
Layer 3 switches are essential in enterprise networks and are particularly designed for many subnets and virtual LANs. They are like high-speed routers without WAN connectivity.
A Layer 3 switch also acts as a switch because it connects devices on the same IP network or virtual LAN and performs at or near wire speed.
Usually, router-on-a-stick is a simple way to implement inter-VLAN routing because routers are mostly part of each network. However, most enterprise networks need high-speed packet processing.
To achieve this, they use multilayer switches. Layer 3 switches generally deliver throughput in the millions of packets per second (PPS). All Catalyst multilayer switches support the following Layer 3 interfaces:
· Routed port: a routed port is just like a physical interface on a Cisco router.
· Switch virtual interface (SVI): a virtual routed interface for routing between different VLANs. It is also used to connect to the switch remotely.
All Layer 3 Cisco Catalyst switches can work as routers and support routing protocols, but numerous models of Catalyst switches require updated software for specific routing protocol features.
The Catalyst 6500 and 4500 series perform nearly all OSI Layer 3 functions by default using hardware-based switching, but the Catalyst 2960 series requires IOS release 12.2(55) or higher to support static routing.
The Catalyst 3560 and 45 series use Layer 2 interfaces by default. The Catalyst 6500 series uses Layer 3 interfaces by default. So, depending on the switch series, we can change a switch port between Layer 2 and Layer 3 using the “switchport” and “no switchport” commands in interface mode.
If you are using legacy inter-VLAN routing, ensure that the switch ports connected to the router interfaces are configured in the correct VLAN. This is a very common switch port issue and requires troubleshooting. If a switch port is not configured in the correct VLAN, the devices on that VLAN cannot communicate outside their VLAN.
The figures below illustrate the switch port misconfigurations. Figure 1 shows that host 1 is connected to switch0 port F0/1, part of VLAN 100, and switch port F0/2 is connected to Router interface F0/0, which is not part of VLAN-100.
Host 2 is connected to F0/6, and the Router0 interface F0/1 is connected to F0/10. Both F0/6 and F0/10 are part of VLAN 200. So host0 can send data up to the router, but the router cannot forward the data to host-1 because VLAN 100 is not physically connected to Router0. To resolve this problem, do the following on switch0.
Switch>enable
Switch#configure terminal
Switch(config)#interface FastEthernet 0/2
Switch(config-if)#switchport access vlan 100
Switch(config-if)#exit
Switch(config)#exit
Switch# write
Figure 2 also illustrates the problem with the switch port. The switch ports are properly configured, but we just connected the wrong switch port to the wrong router interface.
The figures show that F0/2 is part of VLAN 200, and interface F0/1 is configured for VLAN 200. However, we connect switch port F0/2 with router interface F0/1 instead. We also wrongly connected Switch port F0/2 instead of Switch port F0/10, so neither can send their data to Router0. To correct this problem, just connect F0/10 with router interface F0/1 and F0/2 with Router interface F0/0.
The topology in Figure 3 shows the router-on-a-stick routing model. But, the port connected to the router is not configured as a trunk. The port connected to the router for the traffic of multiple VLANs must be configured as a trunk.
But G0/1 on switch0 is not configured as a trunk and is in the default VLAN. Thus, the router cannot route between VLANs because each of its configured subinterfaces cannot send or receive VLAN-tagged traffic. To resolve this problem, configure G0/1 as a trunk.
Switch>enable
Switch#configure terminal
Switch(config)#interface G0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch# write
When the trunk is effectively established, devices connected to each VLAN can communicate with the subinterface assigned to their VLAN, enabling inter-VLAN routing.
The topology in Figure 3 shows the trunk link between Switches is configured but is going down, possibly due to a cable or the Router interface being shut down. There are no redundant connections or paths between these devices, so all VLANs are unable to communicate with each other.
Verify Switch Configuration
When a problem occurs, we can verify the switch configuration. We can use various verification commands to examine the configuration and identify the problem.
I have already explained these verification commands in the article Common Show Command – Cisco IOs, so follow these commands for verification. We can use the show interfaces interface-id switchport command to check the port VLAN membership. We can also use the show running-config command to check the switch port mode.
Troubleshooting Inter-VLAN Interface Issues
The most common interface issue using legacy inter-VLAN routing is connecting the physical router interface to the wrong switch port. Connecting the router interface in the incorrect VLAN causes traffic to reach the router and forward it to other VLANs.
This is the same problem as I discussed in the switch port issue. To correct this problem, no further configuration and testing are required. It only needs to place the cables correctly.
Verify Router Configuration – Interface Issues
The configuration of the Sub-interface with the wrong VLAN ID is one of the most common issues in the router-on-a-stick configuration. We can check interface issues using show commands.
The <show interfaces> and <show running-config> commands are useful in troubleshooting inter-VLAN routing problems. The figure below illustrates the <show interfaces> command output. The command produces a lot of output for all interfaces. However, as shown in the figure, you need to search for your required interface and required line.
We can just enter the command using the interface ID like <show interfaces fastEthernet 0/0.100>. Figure 2 illustrates the output of a command using interface ID.
We also use the <show running-config> command to check and verify the interface issues. The figure below illustrates the output of <show running-config> command. We can easily find the required information under the interface FastEthernet 0/0.100.
So, if we find an incorrect VLAN assignment on a subinterface, we can correct the problem by reconfiguring the subinterface with the correct VLAN using the <encapsulation dot1q VLAN ID> command in subinterface configuration mode. Quickly verifying and correcting the problem allows inter-VLAN routing to function properly.
IP Addresses and Subnet Masks Errors
Each VLAN requires unique subnets on the network. Each VLAN must be connected to the router for inter-VLAN routing. The VLANs can connect to the router using physical interfaces or subinterfaces. So, each interface or subinterface must be configured with a unique IP address of that subnet assigned to the VLAN.
This makes it possible for the devices on the VLAN to communicate with the router interface. The interface enables traffic routing to other VLANs connected to the router. The common issues of IP addressing errors are the following:
The router interface and subinterface have been configured with an incorrect IP address. The incorrect IP address on the interface prevents the VLAN hosts from being able to communicate with the router. Assign the correct IP address to the router interface using the command <ip address IP ADDRESS SUBNET MASK>. After correcting the IP address, the hosts on the corresponding VLAN can communicate with the router.
If some hosts on the VLAN cannot communicate with the router, verify their IP addresses. If a host's IP address does not match the subnet reserved for the VLAN and the address of the interface or subinterface, the host cannot communicate. Assign the correct IP addresses to the hosts on the VLAN.
Verifying IP Address and Subnet Mask Configuration Issues
Using the show commands, we can easily verify the IP address configuration for the router interface or subinterface. The figure below illustrates the output of <show ip interface brief> command. You can see the IP address assigned to each interface and subinterface here.
The <show running-config> command can also display the IP addresses assigned to the interface or subinterface. For reference, see figure 2 above. Sometimes the IP address configuration on the host side is incorrect. To check this, verify the configuration by using the <ipconfig /all> command in the command prompt of the operating system.
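The checks described above (trunk mode on the uplink, the sub-interface VLAN ID, and host addressing) can be run offline against saved configurations. The following Python script is an added example, not part of the original article; the configuration excerpts, IP addresses, host list and finding names are constructed for illustration around the article's VLAN 100 / VLAN 200 topology.

```python
import ipaddress
import re

# Constructed excerpts (assumptions, not output from the article's devices).
SWITCH_CFG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 100
interface FastEthernet0/6
 switchport mode access
 switchport access vlan 200
interface GigabitEthernet0/1
 switchport mode access
"""
ROUTER_CFG = """\
interface FastEthernet0/0
 no ip address
interface FastEthernet0/0.100
 encapsulation dot1Q 100
 ip address 192.168.100.1 255.255.255.0
interface FastEthernet0/0.200
 encapsulation dot1Q 20
 ip address 192.168.200.1 255.255.255.0
"""
# (name, vlan, ip, mask, default gateway), as read from ipconfig /all (constructed)
HOSTS = [
    ("host1", 100, "192.168.10.10", "255.255.255.0", "192.168.100.1"),
    ("host2", 200, "192.168.200.10", "255.255.255.0", "192.168.200.1"),
]


def parse_interfaces(cfg):
    """Map interface name -> list of its indented sub-commands."""
    blocks, current = {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
    return blocks


def switch_view(cfg):
    """Return ({access port: vlan}, {trunk ports}) from a switch config."""
    access, trunks = {}, set()
    for port, cmds in parse_interfaces(cfg).items():
        if "switchport mode trunk" in cmds:
            trunks.add(port)
            continue
        for cmd in cmds:
            m = re.fullmatch(r"switchport access vlan (\d+)", cmd)
            if m:
                access[port] = int(m.group(1))
    return access, trunks


def router_view(cfg):
    """Return {vlan id: (sub-interface, IPv4Interface)} for dot1Q sub-interfaces."""
    gateways = {}
    for name, cmds in parse_interfaces(cfg).items():
        vlan = addr = None
        for cmd in cmds:
            m = re.fullmatch(r"encapsulation dot1[qQ] (\d+)", cmd)
            if m:
                vlan = int(m.group(1))
            m = re.fullmatch(r"ip address (\S+) (\S+)", cmd)
            if m:
                addr = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        if vlan is not None and addr is not None:
            gateways[vlan] = (name, addr)
    return gateways


def audit(switch_cfg, router_cfg, hosts, uplink):
    """Return a list of (finding, object) tuples; an empty list means consistent."""
    findings = []
    access, trunks = switch_view(switch_cfg)
    gateways = router_view(router_cfg)
    if uplink not in trunks:
        findings.append(("UPLINK_NOT_TRUNK", uplink))
    switch_vlans = set(access.values())
    for vlan in sorted(switch_vlans - set(gateways)):
        findings.append(("VLAN_WITHOUT_SUBINTERFACE", vlan))
    for vlan in sorted(set(gateways) - switch_vlans):
        findings.append(("SUBINTERFACE_TAG_UNUSED", gateways[vlan][0]))
    for name, vlan, ip, mask, gateway in hosts:
        if vlan not in gateways:
            continue  # already reported as VLAN_WITHOUT_SUBINTERFACE
        _, gw_if = gateways[vlan]
        if ipaddress.ip_interface(f"{ip}/{mask}").network != gw_if.network:
            findings.append(("HOST_WRONG_SUBNET", name))
        if ipaddress.ip_address(gateway) != gw_if.ip:
            findings.append(("HOST_WRONG_GATEWAY", name))
    return findings


if __name__ == "__main__":
    for finding in audit(SWITCH_CFG, ROUTER_CFG, HOSTS, "GigabitEthernet0/1"):
        print(finding)
```

Each finding maps to one fix from this section: switchport mode trunk on the uplink, encapsulation dot1q with the right VLAN ID on the sub-interface, or a corrected host address.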
When configuring the Inter-VLAN routing, we must verify the host-to-host connectivity and data sending. Generally, we can check this using ping and tracert commands.
We briefly discussed these utilities in the articles Interpreting Ping Results-Cisco IOs and Traceroute (Tracert) – Testing the Route. In this article, I am going to give a short reminder of both the ping and tracert utilities; we will discuss different issues of inter-VLAN routing in the coming article.
Ping
We send an ICMP echo request to the destination address using the ping command. When a destination host receives an ICMP echo request, it responds with an ICMP echo reply to confirm the ICMP echo request.
It also calculates the time the echo request was sent and the time the echo reply was received. The time calculation is used to determine the latency of the connection.
If the source of the ping successfully receives a reply from the destination, it confirms that there is a path between the sending device and the receiving device. The figure below illustrates the ping utility. Host 1 is pinging host 2, and the result shows at the end of the ping test.
Tracert
Using the tracert utility, we can get the complete picture of the hops between source and destination. The command has a few changes on UNIX systems, such as traceroute instead of tracert.
The tracert also uses ICMP to determine the path with specific time-to-live values defined in the frame. The time-to-live value specifies how many hops away the ICMP echo is allowed to reach.
The utility generates the first ICMP echo request with a time-to-live value set to expire at the first hop on the route to the destination device. When the ICMP echo request times out at the first hop, an ICMP message is sent back from the first hop to the source device.
The source device records the response from the first hop and sends another ICMP echo request with a greater time-to-live value. This allows the ICMP echo request to pass through the first hop and reach the second device on the route. Then, the process repeats until the echo reaches the final destination device.
When the tracert gets the final destination, it finishes and displays a list of ingress router interfaces that the ICMP echo request reached on its path to the destination. The figure below illustrates the tracert utility. The host on VLAN 100 will trace host 2 on VLAN 200.
The trace is completed, and there are two hops to the destination; the first hop is the fa0/0, the default gateway of VLAN 100, and the other hop is the default gateway of VLAN 200. We can check more hops using this utility, and get the result if any hop has a problem.
As covered in a previous lesson, legacy inter-VLAN routing requires multiple physical interfaces on the router and the switch. However, in the ‘Router-on-stick’ configuration, only one physical interface is needed on both sides. The Router-on-a-stick allows routing packets to subnets associated with VLANs connected to a router 802.1Q trunk.
The Router-on-Stick uses a VLAN trunking configuration and creates a virtual interface connected to each VLAN. The router creates multiple virtual interfaces for each associated VLAN and then handles all frames tagged with that VLAN ID as if they came in and out of that virtual interface. The virtual interfaces are also called sub-interfaces of the router.
The sub-interfaces are software-based interfaces associated with a single physical interface. They are configured in the router’s IOS; each sub-interface works independently with IP address and VLAN assignment. The sub-interfaces make routing between different VLANs within the network possible.
The router-on-stick method can support up to 50 VLANs. So, if our network has more than 50 VLANs, we cannot usually use the Router-on-Stick method. The figure below illustrates the Router-on-Stick configuration. The switch is connected to Router1 using a single physical network connection (a trunk). The router’s physical interface has two subinterfaces for VLAN 100 and VLAN 200.
The topology has two VLANs configured on switch0 and two sub-interfaces configured on Router0. Both sub-interfaces of the router need to work as 802.1Q trunks, and the switch port must be in trunk mode. So, the router receives VLAN-tagged traffic from the trunk on any sub-interface and processes the packet to make a routing decision.
Host 1 on VLAN 100 communicates with Host 2 on VLAN 200 through Router0 using a single physical router interface. Host 1 sends its unicast traffic to switch0. The switch0 tags the unicast traffic as originating on VLAN 100 and forwards it to its trunk link (G0/1), connected with Router0.
The Router0 accepts the tagged unicast traffic on VLAN 100 and routes it to VLAN 200 using its configured sub-interfaces because they are directly connected with both LANs. The figure below illustrates the directly connected sub-interfaces.
The Router0 tagged the unicast traffic as VLAN 30 and sent it to switch0 using the trunk link. The switch will now remove the VLAN tag of the unicast frame and forward the frame out to host 2 of VLAN 200.
Configure Router-on-a-Stick
Legacy inter-VLAN routing needs a physical interface for each VLAN, and the router has limited physical interfaces. Thus, its use is minimal. More physical interfaces are required as the number of VLANs increases on a network.
This configuration is not practical in an extensive network. So, the following solution for up to 50 VLANs is a router-on-a-stick configuration, which uses VLAN trunking and sub-interfaces.
As we learned in the previous article, VLAN trunking allows a single physical router interface to route traffic for many VLANs. This technique overcomes the hardware limitations based on physical router interfaces. The figure below illustrates the Router-on-Stick configuration.
When configuring inter-VLAN routing using the router-on-a-stick model, the connected switch port must be configured as a trunk. The router’s subinterfaces for each unique VLAN on the network must be assigned an IP address specific to its subnet/VLAN and configured to tag frames for that VLAN. So, we are going to configure Router-on-Stick inter-VLAN routing.
Configure Router-on-a-Stick – Switch
The Router-on-Stick configuration needs a trunk link connected to the router’s physical interface. The figure above illustrates that the switch port G0/1 is connected to the router’s physical interface.
So, to enable inter-VLAN routing using router-on-a-stick, configure the trunk. The following is the switch configuration for this model of inter-VLAN routing.
Configure Router-on-a-Stick – Router
We configured the switch for a router on a stick model, so let’s configure the router sub-interfaces for this model. Since the switch has two VLANs, we need two sub-interfaces.
The figure below illustrates the router’s configuration for the router-on-stick model. We have configured two sub-interfaces according to the VLAN structure. Now, both VLANs can communicate with each other. You can see the video for configuration.
As we learned, each VLAN usually works on its subnet. The network switches mainly work at layer 2 of the OSI model, so they do not examine the logical addresses. Therefore, for traffic between VLANs, inter-VLAN routing is required. The Legacy Inter-VLAN routing is the first solution for traffic between different VLANs. It relies on routers with multiple physical interfaces. All interfaces had to be connected to a separate network and configured with a separate subnet.
The legacy inter-VLAN routing connects different physical router interfaces to different physical ports on the switch. The switch ports connected to the router must be placed in access mode.
Each physical interface of the router is assigned to a different VLAN. The router interface then accepts traffic from the VLAN related to the switch interface it is connected to. Then, the router sends the traffic to other VLANs connected to the different interfaces. The figure below illustrates the legacy inter-VLAN routing process.
We can see that host 1 is in VLAN 100, and host 2 is in VLAN 200. So if host 1 wants to send data to host 2, the steps are as follows.
Host – 1 on VLAN 100 communicates with Host – 2 on VLAN 200 through the Router.
The router has separate interfaces configured for both VLANs.
Both hosts are in different VLANs, so they have different broadcast domains and cannot send traffic directly without a default gateway.
Host 1 will check its ARP cache for the default gateway’s MAC address. If the MAC address is found in the cache, host 1 will send the data packet to the router. However, if the ARP cache does not have the default gateway’s MAC address, host 1 will generate the ARP request for it.
After getting the gateway’s MAC address, host 1 will send the packet to its default gateway (the router interface fa0/0). When the router receives the frame, it looks up the destination IP address in its routing table to determine the interface through which it should forward the data to the destination host.
The router then forwards an ARP request out the interface connected to the destination VLAN; when the switch receives the message, it floods it to its ports, and in this case, host – 2 would reply with its MAC address.
Router – 1 would then use this information to send it to host – 2 as a unicast frame.
December 28, 2018
Configure Legacy Inter-VLAN Routing
Multiple Physical interfaces are required on the router to configure Legacy inter-VLAN. The router can route with each of its physical interfaces connected to a unique VLAN. Configure each physical interface with the unique IP address for the subnets related to the particular VLAN.
After configuring the IP address on physical interfaces, each device connected to the LAN can communicate with the router using this physical interface. The router would be the gateway for each device on the VLAN. All the VLAN can communicate with each other without configuring any routing protocol on the router. The legacy Inter-VLAN routing required configuration on the switch and the router. The figure below illustrates the Legacy inter-VLAN routing:
Legacy Inter-VLAN Routing – Switch Configuration
Legacy inter-VLAN routing configuration starts with the switch. As shown in the figure, the router is connected to switch ports Fa0/2 and Fa0/7, which have been configured for VLANs 100 and 200, respectively.
Use the following commands to create the VLANs and assign ports to them. Remember to issue the commands in global configuration mode. The ports must be in access mode.
In this example, interfaces Fa0/1 to Fa0/5 have been assigned to VLAN 100, and interfaces Fa0/6 to Fa0/10 have been assigned to VLAN 200. The name command assigns names to the VLANs, and finally the wr (write) command saves the work into the startup configuration file.
We have used the command “do wr” because we are in global configuration mode; the write command is not normally available in global configuration mode. If we are in “User Privileged Mode”, we would use the command “wr” or “write”. We can also use “copy running-config startup-config” instead of the “wr” command. Watch the following video for Legacy Inter-VLAN routing configuration:
Legacy Inter-VLAN Routing – Router Configuration
In legacy inter-VLAN routing, no static or dynamic routing protocols are needed. We are just required to configure the IP addresses of the router according to the subnets of the connected VLANs. We can configure the IP address of the interface using the “ip address <ip address subnet mask>” command in global configuration mode. Remember that the switch must be in the status of “no shutdown”.
Conclusion:
Legacy Inter-VLAN routing is a foundational solution for facilitating communication between different VLANs within a network. As network switches operate primarily at Layer 2 of the OSI model and do not inherently support inter-VLAN communication, routers with multiple physical interfaces become essential for routing traffic between VLANs. By configuring each router interface with a unique VLAN and subnet, Legacy Inter-VLAN routing enables devices within those VLANs to communicate through the router, serving as their gateway. Although this method requires separate physical interfaces and subnets, it offers a straightforward approach to inter-VLAN routing.
FAQs:
Q. What is Legacy Inter-VLAN Routing?
A. Legacy Inter-VLAN Routing is a method of facilitating communication between different VLANs in a network using routers with multiple physical interfaces. It involves configuring each router interface to correspond with a unique VLAN and subnet, allowing devices within those VLANs to communicate through the router.
Q. Why is Legacy Inter-VLAN Routing Necessary?
A. Network switches operate at Layer 2 and do not examine logical addresses, making inter-VLAN communication challenging. Legacy Inter-VLAN Routing addresses this limitation by utilizing routers with multiple physical interfaces to route traffic between VLANs.
Q. How does Legacy Inter-VLAN Routing Work?
A. Each physical router interface is assigned to a different VLAN, and devices within those VLANs communicate through the router. When a device needs to communicate with a device in another VLAN, the router serves as the gateway. The router compares destination IP addresses, forwards traffic between VLANs, and uses ARP requests to determine MAC addresses.
Q. What is the Configuration Process for Legacy Inter-VLAN Routing?
A. Multiple physical interfaces on the router are configured with unique IP addresses for the subnets related to each VLAN. Switch ports are configured in access mode and assigned to specific VLANs. The router interfaces connect to corresponding switch ports, establishing the inter-VLAN communication path.
Q. Do I Need Routing Protocols for Legacy Inter-VLAN Routing?
A. No, Legacy Inter-VLAN Routing does not require static or dynamic routing protocols. The router is configured with IP addresses for each VLAN, and devices communicate through the router without additional routing protocols.
Q. Can Legacy Inter-VLAN Routing be Configured on Switches?
A. Legacy Inter-VLAN Routing primarily involves router configuration. Switches are configured to assign ports to specific VLANs, and the router handles the routing with multiple physical interfaces.
We know that VLANs segment a network switch into different portions, with a different subnet assigned to each VLAN. Switches such as the Catalyst 2960 Series mainly work at Layer 2 of the OSI model. The 2960 series switches support over 4,000 VLANs. But these switches have very limited IPv4 and IPv6 functionality, and they do not look at logical addresses or Layer 3 packets.
We also know that a VLAN is a broadcast domain, so one broadcast domain cannot communicate with other broadcast domains. Therefore, computers on separate VLANs are unable to communicate without the intervention of a routing device.
In simple words, VLANs logically segment the switch into different subnets or broadcast domains, and without a Layer 3 device and some configuration, communication between hosts in different VLANs is not possible. So, any device that supports Layer 3 routing, such as a router or a multilayer switch, can be used to provide the necessary routing functionality.
The process of forwarding network traffic from one VLAN to another VLAN using routing is known as inter-VLAN routing. The hosts in the VLANs forward the traffic to the Layer 2 switches, the Layer 2 switch sends the traffic to the Layer 3 device, and the Layer 3 device then decides the destination for the traffic according to the information in the packet. There are three types of inter-VLAN routing we can use to send traffic between different VLANs.
Dynamic routing is a networking technique that provides optimal data routing. The network administrators and engineers configure a dynamic routing protocol on the network interfaces.
The protocol running on the router learns about other routers automatically and dynamically exchanges routing information with them. Dynamic routing protocols perform several activities, including network discovery and maintaining routing tables.
Unlike static routing, a dynamic routing protocol automatically selects the best route to put into the routing table, and network changes are updated in the routing table automatically. Cisco ISR routers can support a variety of dynamic IPv4 and IPv6 routing protocols including:
EIGRP and EIGRP for IPv6– Enhanced Interior Gateway Routing Protocol
OSPF– Open Shortest Path First for IPv4 and OSPFv3 for IPv6
IS-IS– Intermediate System-to-Intermediate System
RIP and RIPng(RIP for next Generation for IPv6)– Routing Information Protocol
All the dynamic routing protocols use routing algorithms. There are two types of routing algorithms:
Distance Vector Routing algorithms
Link state routing algorithms
Distance Vector Routing algorithms
A distance-vector routing protocol informs its neighbors about topology changes periodically. It is a simple protocol used in packet-switched networks that use distance to decide the best packet forwarding path.
It is also known as the Bellman-Ford algorithm, where all routers maintain a distance vector table containing the distance between the router itself and all other possible destinations and the way to each destination.
A hop is a trip that a packet takes from one router to another as it traverses a network on the way to its destination. In simple words, distance vector protocols count the hops between the source and the destination.
Each router configured with a distance vector algorithm transmits its distance as well as the vector to all neighbors. Other routers using the distance vector protocol receive and save the most recent information from each of their neighbors.
The distance vector algorithm calculates distance by minimizing the cost to each destination. The Routing Information Protocol (RIP) uses the distance vector technique. Using the distance vector, each router advertises its routing table to its adjacent neighbors. Each advertisement has the following information:
Distance – The hop count for the router
Vector – The direction where the route is located
The receiving router does not generate acknowledgements, so it reduces the overhead of routing protocol traffic. The router selects the best path with the lowest cost to the possible destination for the packet.
Routers add the selected route to their routing tables and propagate it to their neighbors hop by hop until the information has spread across the entire network.
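The advertisement exchange described above can be simulated in a few lines. This Python example is added here and is not from the original article; the four-router topology and network prefixes are constructed, and the hop limit of 16 is RIP's "unreachable" metric.

```python
INFINITY = 16  # RIP treats a metric of 16 hops as unreachable

# Constructed topology: point-to-point links between routers and the
# network each router is directly connected to.
LINKS = [("R1", "R2"), ("R2", "R3"), ("R3", "R4"), ("R1", "R3")]
CONNECTED = {
    "R1": ["10.1.0.0/24"],
    "R2": ["10.2.0.0/24"],
    "R3": ["10.3.0.0/24"],
    "R4": ["10.4.0.0/24"],
}


def neighbors_of(links):
    """Build {router: set of adjacent routers} from the link list."""
    nbrs = {}
    for a, b in links:
        nbrs.setdefault(a, set()).add(b)
        nbrs.setdefault(b, set()).add(a)
    return nbrs


def converge(links, connected):
    """Exchange distance vectors until no table changes.

    Returns (tables, rounds) where tables[router][network] is
    (distance in hops, vector = neighbor to forward to, None if connected).
    """
    nbrs = neighbors_of(links)
    tables = {r: {net: (0, None) for net in nets} for r, nets in connected.items()}
    rounds = 0
    while True:
        # Snapshot of every table = the advertisements sent this period.
        adverts = {r: dict(table) for r, table in tables.items()}
        changed = False
        for router in tables:
            for nbr in sorted(nbrs.get(router, ())):
                for net, (hops, _) in adverts[nbr].items():
                    cost = min(hops + 1, INFINITY)  # one more hop via nbr
                    best = tables[router].get(net, (INFINITY, None))[0]
                    if cost < best:  # keep only the lowest-cost path
                        tables[router][net] = (cost, nbr)
                        changed = True
        if not changed:
            return tables, rounds
        rounds += 1


if __name__ == "__main__":
    tables, rounds = converge(LINKS, CONNECTED)
    print(f"converged after {rounds} advertisement rounds")
    for net, (hops, via) in sorted(tables["R1"].items()):
        print(f"R1 -> {net}: {hops} hops via {via or 'connected'}")
```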
Link State Routing Algorithms
A link-state protocol keeps a complete record and roadmap of the routers running the link-state routing protocol in the network. Each router running a link-state protocol shares information about the router, its directly connected interfaces, and the state of all interfaces configured with the link-state protocol. Link-state routing constantly attempts to keep the full network topology by updating itself incrementally when a change happens in the network.
The router sends routing information to all the routers in the network as multicast messages. After starting up, the router sends its first link-state information to its neighbors.
Afterwards, it sends only updates to its link information, which reduces the network load. Open Shortest Path First (OSPF) is the most important link-state routing protocol. The important link-state terms are the following.
Link-state advertisements (LSAs) – An LSA is an update on a router’s link status; a router sends an LSA when a link has changed from its current state. It is a small packet of routing information flooded out to all routers in its area or zone.
Topological database – A topological database is a set of information gathered from the exchange of several LSAs between routers; it describes the network topology in great detail. All routers in the network store the received LSA packets in the link-state database (LSDB).
SPF algorithm – The shortest path first (SPF) algorithm, also known as Dijkstra’s algorithm, performs calculations on the database and builds the SPF tree. All routers in an area run this algorithm in parallel, storing the results in their topological databases.
Routing tables – A list of the known destination and interfaces.
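The four terms above fit together as a pipeline: LSAs fill the LSDB, SPF runs over it, and the result is the routing table. The Python example below is added for illustration and is not from the original article; the LSA format, sequence numbers, router names and link costs are constructed and much simpler than real OSPF packets.

```python
import heapq

# Constructed LSAs: each router reports its neighbors and link costs.
LSAS = [
    {"router": "R1", "seq": 1, "links": {"R2": 10, "R3": 1}},
    {"router": "R2", "seq": 1, "links": {"R1": 10, "R3": 2, "R4": 1}},
    {"router": "R3", "seq": 1, "links": {"R1": 1, "R2": 2, "R4": 10}},
    {"router": "R4", "seq": 1, "links": {"R2": 1, "R3": 10}},
]
# Later update flooded by R3 after its link to R1 goes down.
R3_LINK_DOWN = {"router": "R3", "seq": 2, "links": {"R2": 2, "R4": 10}}


def build_lsdb(lsas):
    """Topological database: keep the newest LSA per originating router."""
    lsdb = {}
    for lsa in lsas:
        current = lsdb.get(lsa["router"])
        if current is None or lsa["seq"] > current["seq"]:
            lsdb[lsa["router"]] = lsa
    return lsdb


def spf(lsdb, root):
    """Dijkstra over the LSDB; returns {destination: (cost, next hop)}."""
    best = {root: (0, None)}
    heap = [(0, root, None)]
    done = set()
    empty = {"links": {}}
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, link_cost in lsdb.get(node, empty)["links"].items():
            # Use a link only if both ends advertise it (two-way check).
            if node not in lsdb.get(nbr, empty)["links"]:
                continue
            new_cost = cost + link_cost
            hop = nbr if node == root else first_hop
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, hop)
                heapq.heappush(heap, (new_cost, nbr, hop))
    del best[root]
    return best


if __name__ == "__main__":
    print("before:", spf(build_lsdb(LSAS), "R1"))
    print("after: ", spf(build_lsdb(LSAS + [R3_LINK_DOWN]), "R1"))
```

Only R3's newer LSA is needed to reroute R1: the higher sequence number replaces the old entry in the LSDB, and the two-way check stops SPF from using the link R1 still advertises.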
We can configure static or dynamic routes after configuring directly connected interfaces. Static routes are manually configured and provide a clear path between two networking devices. However, they must be manually reconfigured if the network topology changes, which is the main disadvantage of static routes.
Static routing is more secure and efficient than dynamic routing. It uses less bandwidth than dynamic routing protocols because no CPU cycles are required to calculate and communicate routes. It provides easy maintenance in smaller networks that are not expected to grow significantly. We can use static routes in different situations.
We can use static routing from stub networks where a single route accesses a network, and the router has only one neighbor.
Using a single default route for a network that does not have a match with another route in the routing table. Default routes send traffic to any destination further than the next upstream router.
We can also use a static route to reduce the number of routes advertised by summarizing several nearby networks as one static route.
Static routing can also create a backup route if a primary link goes down.
Standard static route and Default Static Routes
Summary static route
Floating static route
A route between two specific networks.
Static Default Route, also known as Route of Last
Static Route Between Two Specific Network
We can configure a static route to reach a specific remote network. The command syntax for static IP version 4 routes is the following.
Router(config)# ip route network-address network-mask {next-hop-ip | exit-interface}
The configuration command must be issued in global configuration mode. The static routes are identified with the code ‘S’ in the routing table. The figure below shows the configuration of a static IP version 4 route on Router2 to the Serial 0/3/0 interface.
The static route on Router 2 is configured to reach network 172.16.17.0/24 on Router 3. It is configured using the exit interface toward Router 3. We can also configure the router using the IP address of the next hop. In this example, the next hop is the serial 0/3/0 interface of Router 0.
Both the route with the next-hop address and exit interface are acceptable. There is no difference between them; only they look different in the routing table.
We can also configure the static IP version 6 route between two specific networks. The command should be issued in global configuration mode. The command syntax for the static IPv6 route is as follows.
Router(config)# ipv6 route ipv6-prefix/prefix-length {ipv6-address | interface-type interface-number}
Static Default Route
We can also examine another route, “S” with an asterisk, pointing to GigabitEthernet 0/1. The asterisk indicates that it is the default route. It is also known as the gateway of last resort because it is not set for any specific network. If the packet’s destination is unknown to the router, the router searches the routing table for the default route.
A default route’s role is similar to that of a default gateway on a host. It specifies the path for the packet when the router has no information about the packet’s destination. To configure an IPv4 default route, use the following command in global configuration mode.
Router(config)# ip route 0.0.0.0 0.0.0.0 {exit-interface | next-hop-ip}
Notice that the next-hop address for the default route is the exit interface of the router towards Router 0. We can also configure the default static route with the next-hop IP address similar to the static route configuration. In the same way, we can configure the default static IP version 6 route using the following command in global configuration mode.
A routing table has information usually viewed in table format to decide where to send data packets. All IP-enabled devices, including routers, direct a packet to the destination using routing tables.
The router gets route information from the routing table and selects the best path for the destination. Each packet has information about its source and destination. The router examines the packet and matches it to the routing table entry, providing the best match for its destination. Then, the router sends the packet to the next hop on its route across the network.
We can configure routes manually or dynamically. The static routes do not change unless a network administrator manually changes them, but the dynamic routes automatically update and change according to routing protocols. The routing protocols exchange information about the network topology and network changes and update the routing table.
Dynamic routing protocols also allow devices to listen to the network and react to occurrences like device failures and network congestion. The routing table is a data file storing route information about directly connected and remote networks.
Directly connected routes—When we configure and activate an interface, the router adds a directly connected route for that interface.
Remote routes—These are the routes from remote networks to other routers. We can configure these routes statically or dynamically.
Routing Table Sources
We can check the routing information on a Cisco router using the show ip route command. The router also provides additional route information, including the source of the route, with this command. The following are the different sources of the routing entries.
Local Route interfaces—The router adds the route when we configure and activate the router interface. This entry is available in all IOS for IPv6, but for IPv4, the option is available only in IOS 15 or newer versions.
Directly connected interfaces—Directly connected routes are added to the routing table when we configure and activate the interface.
Static routes– The static route is added to the routing table when a route is manually configured, and the exit interface is active.
Dynamic routing protocol—Routing protocols such as RIP, EIGRP, and OSPF dynamically learn the network’s information and add it to the routing table.
We can find the routing entry sources with a code. The code tells us the source of the route information. The figure below illustrates the codes of the route sources, including the entries in a single route:
Some common codes are:
C–This code is for the directly connected network.
L– This code is for the Local Router/Switch Interface route.
S– We can find a static route with this code.
D– This is the identification code for a dynamically learned network from another EIGRP router.
O– This code identifies a dynamically learned network from another router using OSPF.
R– This code identifies a dynamically learned network from another router using RIP.
S*– This is the default route.
Remote Network Routing Entries
Understanding the content of an IPv4 and IPv6 routing table is most important. We have marked the route to destination network 172.16.17.0 in the above figure. The marked entry for 172.16.17.0 identifies the following information:
Route source—This entry identifies how the router adds this route. In this example, the entry is “D”, meaning the router learns this route from the dynamic routing protocol EIGRP.
Destination network– This entry identifies the remote network. In this example, the remote network is 172.16.17.0.
Administrative distance—This is the trustworthiness of the route source. Lower values indicate a more trustworthy route to the destination network.
Metric—The metric is the cost of each available route, so the router selects the most cost-effective path. Lower values indicate preferred routes to the destination.
Next-hop– This is the IPv4 address of the next connected router to send the packet.
Route timestamp– This entry shows the timing since the route was added.
Outgoing interface–This entry identifies the exit interface of the router that sends a packet toward the destination.
Directly Connected Interfaces
A newly installed router, without any configured and active interface, has an empty routing table, as shown in the figure below.
Before the interface state is up/up and added to the routing table, the interface must be assigned a valid IPv4 or IPv6 address and must not be shut down. It should also be able to receive the carrier signals from another device, e.g., router, switch, host, etc.
When the interface is up, the network of that interface is added automatically to the routing table as a directly connected network. For example, when we configure the interfaces of Router5 with IPv4 addresses and issue the no shutdown command, it receives the carrier signals from the router and hosts. It updates the routing table from an empty routing table, as shown in the figure below.
Directly Connected Routes (C) and Local Routes (L) Entries
The properly configured connected interface creates two routing table entries. The figure below displays the IPv4 routing table entries on Router5 for the directly connected network 172.16.19.0. The directly connected router interfaces’ routing entries contain the following information:
Route source– This entry identifies the route source. Directly connected interfaces have two route source codes. “C” and “L”. The “C” is for the directly connected network, and the “L” is for the IPv4 address assigned to the router interface.
Destination network– The address of the remote network.
Outgoing interface–This is the router’s outgoing interface for the destination network.
The other route shown is the Local (L) route. The difference between local and directly connected routes is that a directly connected route is a route to a network that is directly attached to the interface, while a local route belongs to the router/switch itself. In the above example, the destination of the directly connected route is the 172.16.19.0/24 network, but the destination of the local route is 172.16.19.1, the address configured on the same router (Router5).
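The fields described above (route source code, destination, administrative distance, metric, next hop, timestamp and outgoing interface) can be pulled out of routing table text programmatically. The following is an added example, not part of the original article; the sample text is constructed in the usual show ip route layout, and the next hop 172.16.16.2, the metric and the route age are made-up values.

```python
import re

# Route source codes listed in the article.
CODES = {"C": "connected", "L": "local", "S": "static", "S*": "static default",
         "D": "EIGRP", "O": "OSPF", "R": "RIP"}

# Learned/static entry: code, destination, [AD/metric], next hop, age, interface.
VIA = re.compile(
    r"^(?P<code>[A-Z]\*?)\s+(?P<dest>\S+)\s+\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+"
    r"via\s+(?P<next_hop>[\d.]+)(?:,\s+(?P<age>[\w:]+))?(?:,\s+(?P<interface>\S+))?$")
# Connected/local entry (or a static route configured with an exit interface).
DIRECT = re.compile(
    r"^(?P<code>[A-Z]\*?)\s+(?P<dest>\S+)\s+is directly connected,\s+(?P<interface>\S+)$")

# Constructed sample; values are illustrative, not captured from the article's routers.
SAMPLE = """\
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
D        172.16.17.0/24 [90/2170112] via 172.16.16.2, 00:01:23, Serial0/3/0
C        172.16.19.0/24 is directly connected, GigabitEthernet0/0
L        172.16.19.1/32 is directly connected, GigabitEthernet0/0
S*    0.0.0.0/0 is directly connected, GigabitEthernet0/1
"""

def parse_route(line):
    """Return the fields of one routing entry, or None for non-route lines."""
    m = VIA.match(line.strip()) or DIRECT.match(line.strip())
    if not m:
        return None
    entry = {"ad": None, "metric": None, "next_hop": None, "age": None}
    entry.update(m.groupdict())
    entry["source"] = CODES.get(entry["code"], "other")
    for key in ("ad", "metric"):      # not printed on "directly connected" lines
        if entry[key] is not None:
            entry[key] = int(entry[key])
    return entry

def parse_table(text):
    return [e for e in map(parse_route, text.splitlines()) if e]

def manual_routes(entries):
    """Static and default routes: entries an administrator typed in, worth
    reconciling against the approved configuration during a review."""
    return [e["dest"] for e in entries if e["code"].startswith("S")]

if __name__ == "__main__":
    for e in parse_table(SAMPLE):
        print(e["code"], e["dest"], e["source"], e["ad"], e["metric"],
              e["next_hop"], e["age"], e["interface"])
```

Lines that are not routing entries, such as the "Gateway of last resort" banner, are skipped rather than guessed at.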
In network environments, routers often receive multiple routes to the same destination from different sources, such as routing protocols (e.g., OSPF, EIGRP, RIP), static routes, or directly connected networks. To select the most trustworthy route, Cisco routers use Administrative Distance (AD), a critical concept in the Cisco Certified Network Associate (CCNA) curriculum. This article explains AD’s purpose, default values, and practical applications.
Note: An assessment test on Administrative Distance is at the end of this article.
What is Administrative Distance (AD)?
Administrative Distance (AD) is a numeric value between 0 and 255 that routers use to evaluate the reliability of a routing information source. The lower the AD value, the more trustworthy the source. When multiple routes to the same network exist, the router compares their ADs and selects the route with the lowest AD. Only if ADs are equal does the router use metrics (e.g., hop count, cost) to choose the best path.
For example, the routing table may have more than one route source for the same destination network when a router is configured to use both Enhanced Interior Gateway Routing Protocol (EIGRP) and Routing Information Protocol (RIP).
Both routing protocols may decide on a different path to the destination based on their own metrics, because RIP selects a path based on hop count and EIGRP selects a path based on its composite metric. The administrative distance is the value that tells the router which path is best and which path to use first.
As stated earlier, it is a numeric value ranging from 0 to 255. A smaller AD value is more reliable and trustworthy. Therefore, the best AD value is 0, and the worst is 255. The static route AD is 1, whereas the AD of EIGRP is 110, so the static route is more reliable and trustworthy.
When there are static and EIGRP routes to the same destination, the router chooses the static route because it has the lower AD value.
If EIGRP and OSPF both provide a route to the same destination, the router will choose EIGRP because the AD of EIGRP is 90 and OSPF’s is 110. The router selects the route from the source with the lowest AD value.
Default Administrative Distance Values
The table below illustrates the default router administrative distance values. We can change and modify the administrative distance of a routing protocol through the distance command in the routing sub-configuration mode. However, modifying the AD value can lead to routing loops and black holes, so use caution if you change it.
Below are Cisco’s default AD values for familiar route sources:
Caution: Incorrect AD configurations can lead to routing loops or suboptimal paths.
Troubleshooting with Administrative Distance
Common scenarios where AD impacts routing decisions:
Unexpected Route Selection: A static route might override a dynamic route due to lower AD.
Backup Routes: Configuring a floating static route (with higher AD than dynamic protocols) ensures it’s used only if the primary route fails.
! Backup route (AD 200)
ip route 192.168.1.0 255.255.255.0 10.0.0.2 200
This route activates only if the primary OSPF route (AD 110) becomes unavailable.
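The selection rules in this article can be modelled in a few lines: lowest AD first, metric only on an AD tie, and the floating static route (AD 200) taking over when the OSPF route is withdrawn. This is an added example, not code from the original article; it goes slightly further by also doing the most-specific-match lookup that makes the default route a last resort. Every next hop except 10.0.0.2, and all metrics, are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str     # destination network
    code: str       # routing table code (S, D, O, R ...)
    ad: int         # administrative distance, 0-255
    metric: int     # compared only when AD ties
    next_hop: str

class RoutingTable:
    """Toy model: every learned route is a candidate; one per prefix is installed."""
    def __init__(self):
        self.candidates = []

    def learn(self, route):
        if not 0 <= route.ad <= 255:
            raise ValueError("administrative distance must be 0-255")
        self.candidates.append(route)

    def withdraw(self, prefix, code):
        self.candidates = [r for r in self.candidates
                           if (r.prefix, r.code) != (prefix, code)]

    def installed(self):
        best = {}
        for r in self.candidates:
            cur = best.get(r.prefix)
            # Lowest AD wins; the metric is consulted only on an AD tie.
            if cur is None or (r.ad, r.metric) < (cur.ad, cur.metric):
                best[r.prefix] = r
        return best

    def lookup(self, destination):
        addr = ipaddress.ip_address(destination)
        hits = [r for r in self.installed().values()
                if addr in ipaddress.ip_network(r.prefix)]
        # Most specific match wins, so 0.0.0.0/0 is used only as a last resort.
        return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen,
                   default=None)

def build_example():
    rt = RoutingTable()
    rt.learn(Route("192.168.1.0/24", "O", 110, 20, "10.0.0.1"))      # primary OSPF (constructed)
    rt.learn(Route("192.168.1.0/24", "S", 200, 0, "10.0.0.2"))       # floating static from the article
    rt.learn(Route("172.16.17.0/24", "R", 120, 1, "10.0.0.3"))       # RIP (constructed)
    rt.learn(Route("172.16.17.0/24", "D", 90, 2170112, "10.0.0.4"))  # EIGRP (constructed)
    rt.learn(Route("0.0.0.0/0", "S*", 1, 0, "10.0.0.254"))           # default route (constructed)
    return rt
```

The EIGRP candidate is installed even though its metric is numerically far larger than the RIP hop count, because metrics are never compared across different AD values.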
Conclusion
Administrative Distance (AD) is a foundational concept in Cisco networking that ensures routers select the most reliable path when multiple routes exist. Network engineers can optimize traffic flow and maintain robust network designs by understanding default AD values, configuring custom ADs, and troubleshooting route preferences. Mastery of AD is essential for CCNA certification and real-world network management.
Key Takeaways:
Lower AD = More trustworthy route.
AD is prioritized over metrics.
Always verify AD values when troubleshooting routing issues.
MCQs for CCNA Exam Preparation
CCNA Administrative Distance Self-Assessment
1. What is the primary purpose of Administrative Distance (AD)?
2. Which of the following has the lowest default Administrative Distance?
3. What is the default Administrative Distance for OSPF?
4. When two routes to the same destination have the same Administrative Distance, what does the router use to choose the best path?
5. A router receives a route via RIP (AD 120) and EIGRP (AD 90). Which route is preferred?
6. What is a floating static route?
7. Which statements are true about Administrative Distance and metrics? (Select all that apply)
8. Why should changing the default Administrative Distance be done cautiously?
9. Which route source has a default AD of 20?
10. What is the Administrative Distance of a directly connected network?