ROUTING BASICS
TABLE OF CONTENTS
1 General..........................................................................................................................................................1
2 Routing Path Selection...................................................................................................................................2
3 Static routing................................................................................................................................................. 3
4 IPv6 Static Routing.........................................................................................................................................4
5 Router-on-a-stick (ROAS)...............................................................................................................................5
6 SVI Routing.................................................................................................................................................... 5
7 Layer 3 Etherchannel.....................................................................................................................................6
1 GENERAL
- Routers make separate broadcast domains
- Router -> moves data between networks
- Gateway -> moves data between different types
- Router routing logic:
o Check FCS (discard if it has errors) + destination MAC (discard if it’s not the interface)
o De-encapsulate frame
o Make routing decision
o Encapsulate packet
o Transmit packet
- When interface is up/up and has an IP address configured:
o Router adds connected route for that subnet in routing table (= Routing Information Base
(RIB))
o Router adds local route for that IP address (/32) with an AD of 0
- Default 240 minutes for ARP entry
- Pinging a host from a router in the same subnet does not test the default gateway of the host, pinging
with an extended ping using another interface on the router to send the ping, does.
- Cisco IOS traceroute creates IP packets with a UDP header, instead of ICMP echo requests (so it’s
possible that an ACL blocks host traceroute/ping, but not the routers traceroute/ping)
- control-shift-6-x to move between ssh/telnet sessions, press Enter to resume the session
- Common router models:
o 1600/1700/1800/1900:
o 2600/2700/2800/2900:
o 3800/3900: for medium to large enterprises, module slots
o 7200/7300/7600: designed for SP
- Memory:
o Flash memory
The hard drive of the device
Compressed version of IOS
o Dynamic memory
o IOS image versions require different amount of memory, so check this on release notes and
on router
1
� Configure basic router settings
Hostname name Config
Enable [algorithm-type {md5|sha256|
Conf
scrypt}] secret password
Line console 0 Config
Password pasw Config-line
Login Config-line Password has to be used to log in
Service password-encryption Config
Banner motd #msg# Config
Logging synchronous Conf-line Do this on all lines
No ip-domain lookup Conf
Configure router interface
Interface intf Config
Description descr Conf-if
Ip address ipAddr mask Conf-if
Ip address ipAddr mask secondary Conf-if Add secondary IP (multiple possible)
Command can be repeated multiple times
Ipv6 address ipAddr/prefLength [link-local |
Conf-if to add multiple IPv6 addresses to the same
eui-64]
interface
Generate own ipv6 link local address
Ipv6 enable Conf-if
without having global unicast addr
No shutdown Conf-if
[OPT] clock rate clockr Conf-if For serial interfaces (DCE)
Duplex {full|half|auto} Conf-if
Speed {10|100|1000} Conf-if
Send ICMPv6 router advertisement msg’s
[OPT] ipv6 unicast-routing config out the intf to give hosts an ipv6 and
default gateway
Interface loopback number Config Config ipv4 loopback
Configure TCP initial max segment size
ip tcp mss mssValue Conf
(MSS), originating from the router itself
Configure MSS for data that is being
ip tcp adjust-mss mssValue Conf-if
forwarded by the router
Verify interface settings
Show ip[v6] interface [brief | intf |vlan
vlanID]
Show interfaces
Show ip interface brief | e unassigned
Show protocols [intf]
Show running-config
Clear ip arp [ip]
Show arp
Show controllers serial intf Verify clock rate
2 ROUTING PATH SELECTION
2
� - Router identifies path by evaluating the prefix that is programmed in the Forwarding Information
Base (FIB)
- The FIB is a mirror of the Routing Information Base (RIB)
- 3 main components:
o Prefix length:
The leading bits in subnet mask
More specific route is preferred (= longest prefix length = higher subnet mask)
o Administrative Distance (AD):
Rating of trustworthiness of a route
AD is compared when prefix length is the same (lower is better)
Default AD values should never be changed (can cause routing loops)
o Metric:
Unit of measurement used by routing protocol to calculate best path
Compared when prefix length and AD are the same (lower is better)
If metric is also the same, equal-cost multipathing can be done
EIGRP can be configured to install multiple routes with different path metrics in the
routing table, providing unequal-cost multipathing
- AD table:
Route Source Default administrative distance
Connected interface 0
Static route 1
EIGRP summary 5
eBGP 20
Internal EIGRP 90
IGRP 100
OSPF 110
IS-IS 115
RIP 120
EGP 140
On Demand Routing (ODR) 160
External EIGRP 170
Internal BGP 200
DHCP default route 254
Unknown 255
3 STATIC ROUTING
- No network intelligence
- Does not use network bandwidth like dynamic routing protocols
- Useful when:
o Dynamic routing protocols cannot be used because of CPU limitations
o Routes learned from dynamic routing protocols need to be superseded
- Three types:
o Directly attached static route (only outbound interface specified)
This route does not display [AD/Metric]
Not recommended if outbound interface uses ARP (like Ethernet) because the router
must repeat the ARP process for every destination that matches the static route
show ip arp will show entry for all destination that match the route
ARP is normally not forwarded outside of broadcast domain, but proxy ARP
is enabled by default on most routers, which allows routers to respond to
3
� ARP requests with its own MAC address if it has a route in the routing table
to the IP in the ARP request
Should only be used with point-to-point serial interfaces (because this does not use
ARP)
Requires the outbound interface to be in an up/up state
o Recursive static route (only next-hop IP specified)
Recursive lookup occurs when router queries the RIB to locate the route toward the
next-hop IP, and then cross-references this IP with the adjacency table
Requires the next-hop IP to exist in the routing table, otherwise the static route will
not be put in RIB
Next-hop IP cannot be resolved by the default route
Most of the time, the next-hop IP is in the routing table as a result of a directly
connected link
[AD/Metric] is present
Can occur that the next-hop resolves to an interface in the opposite direction
o Fully specified static route (outbound interface and next-hop IP specified)
Makes sure the next-hop resolves to the correct interface
If outbound interface is not up, the route is removed from RIB
Does not involve ARP
- Floating static route:
o Route with higher static AD as fallback for other routes
- Static null route:
o Null interface is a virtual interface always in an up state and does not forward traffic (drops
it without using CPU)
o Can be used to drop traffic without using an ACL
o Can be used to prevent routing loops
o Uses a summarized network range, meaning that all packets that do not have a longer match
are dropped
- If static route does not appear in routing table after configuration, outgoing interface can be down
- Host route = route to reach a single host (/32)
- Most specific route wins
- When configuring a static route, MAKE SURE YOU ALSO HAVE A ROUTE BACK
ip route address mask {exit-inf | Config Use distance for floating static route (will
nextHopIP } [distance] [permanent] [name not be in routing table if there is a better
discription] route)
Permanent for keeping route in table, even
if interface is down
ip route [Link] [Link] {nexthopIp | exit- Config Set default route, with next-hop it’s a
inf} [permanent] [name discription] recursive static route, with exit-inf it’s a
directly connected route, with both it’s
fully specified route
ip route address mask null0 Conf Static null route
show ip route static
show ip route address The router lists the route it would use to
reach address
4 IPV6 STATIC ROUTING
4
� - If the next-hop address is an IPv6 link-local address, the static route must be a fully specified static
route (because the same link-local address can be used on multiple local router interfaces). If you use
a global unicast address as next hop, you do not have to specify exit interface
- IPv6 uses NDP (Neighbor Discovery Protocol, which is multicast based) instead of ARP (because
broadcast does not exist in IPv6) to determine neighboring device’s MAC address
ipv6 unicast-routing Conf Enable IPv6
ipv6 route prefix/prefixLength {exit-inf | Config Use distance for floating static route (will
nextHopIP } [distance] [permanent] [name not be in routing table if there is a better
discription] route)
Permanent for keeping route in table, even
if interface is down
ipv6 route ::/0 {ipv6Addr | exit-intf} Config Set ipv6 default route
show ipv6 route static
show ip route address The router lists the route it would use to
reach address
show ipv6 neighbors Show IPv6 neighboring table
5 ROUTER-ON-A-STICK (ROAS)
- Native VLAN id can be configured on the subinterface, or the physical interface, or ignored; 2 possible
configurations:
o IP address command on physical interface, but without an encapsulation command. The
router considers this physical interface to be using the native VLAN.
o Configure Encapsulation dot1q vlan-id [native] on subinterface
- Check if VLANs on switch side are not VTP pruned or STP blocked
Router side:
Configure router-on-a-stick
Interface g0/0.X Conf Create subintf
Encapsulation dot1q vlanID [native] Conf-subinf Configure subintf to operate on a vlan
Ip address ipAddr Conf-subinf
Show ip ro
Show vlans Shows which trunks use which interface +
which native vlan + Also shows packet
transmit, useful for troubleshooting
Switch side:
Configuring trunk
Switchport mode trunk Conf-if Trunk port
Switchport trunk native vlan vlanID Conf-if
Switchport trunk allowed vlan vlanList Conf if Specify list of vlans allowed on the trunk
link
6 SVI ROUTING
- Make sure vlan is created and not in shutdown (or vlan interface will be in up/down state)
5
� - Switch must have an interface associated to that VLAN in an up state for the SVI to be in an up state
- Vlan interfaces still use layer 2 switching logic (based on MAC)
- Interfaces can be made layer 3 (=routed port), so it makes a forwarding decision based on destination
IP
- Routed port used when only one switchport connects to that subnet. Mostly used in PPP &
distribution and core layer
- Vlan interface in up/down state? -> make sure there is an up/up interface in that vlan!
Layer 3 switch
Sdm prefer lanbase-routing Conf Make L2 switch a L3 switch, changes how
the switch forwarding chips allocate
memory for different forwarding tables
Reload
Ip routing Conf Enable routing
Interface vlan vlanID Conf Set SVI, after this command ‘ip address’
Ip address ipAddr mask Conf-if
Ipv6 address ipAddr/prefLength Conf-if
No shutdown Conf-if
Routed port
No switchport Conf-if Configure routed port
Ip address ipAddr mask Conf-if
Ipv6 address ipAddr/prefLength Conf-if
No shutdown Conf-if
Show interfaces status Lists ‘routed’
7 LAYER 3 ETHERCHANNEL
- L3 EtherChannel treats the channel as a routed port instead of a switched port (L2 EtherChannel)
- Interfaces in an EtherChannel must match on these conditions:
o No switchport command
o Duplex/speed settings
Config on EACH physical interface:
Channel-group groupID mode { active | Conf-if-range PAgP: desirable,auto
auto | desirabe | on | passive } LACP: active, passive
On keyword uses neither PAgP or LACP
No switchport Conf-if
No ip address Conf-if
Config on port-channel interface:
Interface port-channel groupID Conf-if-range Enter port channel configuration mode,
here the speed, duplex settings, allowed
vlans can be configured
No switchport Conf-if Configure routed port
Ip address ipAddr mask Conf-if
