Configure and verify default routing
Exam: Cisco 300-101 - CCNP Implementing Cisco IP Routing (ROUTE v2.0)
The CCNP exam 300-101 ROUTE includes the topic “Configure and verify default routing” under the main topic “Layer 3 technologies”. In this chapter we discuss some aspects of the topic that may be important from the exam point of view. We hope that you will find it helpful as you prepare for the CCNP exam.
A default route must be set for any network as a minimum requirement. This holds for any network to which the ASA is not directly connected. It can also be set on a router between the ASA and a network. If no static or default route is defined, an error will be raised. Note that multiple context mode does not support dynamic routing.
If you want to send traffic to an upstream router, you must use a default route and rely on that router to route the traffic. In some cases the default gateway will not be able to reach the destination network. This is when you need to configure a specific static route.
In transparent firewall mode, too, you must configure a default or a static route so that the ASA knows which interface it should send traffic out of. Traffic that originates on the ASA includes communication with a syslog server, AAA server or Websense server. Some servers cannot be reached through the default route; in those cases a static route is a must. The ASA supports up to three equal-cost routes on the same interface, which helps with load balancing.
This feature has some guidelines and limitations that you must know. It is supported in single and multiple context modes. It is also supported in routed and transparent firewall modes. It supports IPv6.
Configuring the default static route
A default route identifies the gateway IP address to which the ASA sends all packets for which it does not have a learned or static route. A default static route is simply a static route with 0.0.0.0/0 as the destination IP address. Routes that identify a specific destination always take precedence over the default route.
Up to three equal-cost default route entries can be set on a device. If more than one equal-cost default route entry is set, the traffic sent to the default route is distributed among the specified gateways. When you define more than one default route, you must specify the same interface for each entry.
You must remember that you will not be able to define a separate default route for tunnelled traffic along with the standard default route. The default route can also be created with the tunnelled option.
All traffic that arrives and cannot be routed using the static or learned routes is sent to this route. For traffic coming out of a tunnel, this route overrides any other learned or configured default route.
Configuring a default static route with the tunnelled option has the following limitations:
- If the TCP intercept is enabled on the egress interface of the tunnelled route the session may fail.
- You should not enable the unicast RPF on the egress interface of the tunnelled route as this will cause the session to fail.
- The VoIP inspection engines, the DNS inspect engine and the DCE RPC inspection engine cannot be used with tunnelled routes. This is mainly because these inspection engines ignore the tunnelled route.
Other points to remember are that you cannot define more than one default route with the tunnelled option, and that ECMP for tunnelled traffic is not supported.
The command used to define the tunnelled default route is “route if_name 0.0.0.0 0.0.0.0 gateway_ip [distance | tunneled]”. The first set of four zeros is a wildcard, which means that a direct match is needed.
The second set of four zeros is the subnet, and that too means that a direct match is needed. After the zeros you specify the IP address of the next hop, which can also be the device that provides the default gateway. The administrative distance is 1 by default. The administrative distance is the parameter that is used to compare routes. The default administrative distance for OSPF-discovered routes is 110.
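The limits described above can be checked mechanically before a configuration is deployed. The following Python sketch is an added example, not Cisco code or part of the original guide: it parses `route` lines in the syntax shown above and reports default routes that exceed three equal-cost entries, span more than one interface, repeat the tunneled option, or share an egress interface with unicast RPF. The sample configuration, interface names and addresses are constructed, the unicast RPF check assumes the ASA command `ip verify reverse-path interface if_name`, and route lines carrying other options (such as `track`) are ignored.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the page); interface names and the
# RFC 5737 documentation addresses are assumptions for illustration.
SAMPLE_CONFIG = """\
route outside 0.0.0.0 0.0.0.0 192.0.2.1
route outside 0 0 192.0.2.2
route dmz 0.0.0.0 0.0.0.0 198.51.100.1
route inside 0.0.0.0 0.0.0.0 203.0.113.1 tunneled
route inside 10.10.0.0 255.255.0.0 203.0.113.9
ip verify reverse-path interface inside
"""

# route if_name dest mask gateway_ip [distance | tunneled]
ROUTE_RE = re.compile(r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\d+|tunneled))?$")
URPF_RE = re.compile(r"^ip verify reverse-path interface\s+(\S+)$")
ZERO = {"0", "0.0.0.0"}  # the ASA also accepts 0 as shorthand for 0.0.0.0


def audit_default_routes(config):
    """Return findings for default routes that break the limits described above."""
    standard = defaultdict(list)  # administrative distance -> [interface, ...]
    tunneled = []                 # egress interfaces of tunneled default routes
    urpf = set()                  # interfaces with unicast RPF enabled
    for line in map(str.strip, config.splitlines()):
        if m := URPF_RE.match(line):
            urpf.add(m.group(1))
        elif (m := ROUTE_RE.match(line)) and m.group(2) in ZERO and m.group(3) in ZERO:
            if m.group(5) == "tunneled":
                tunneled.append(m.group(1))
            else:
                standard[int(m.group(5) or 1)].append(m.group(1))  # distance defaults to 1
    findings = []
    for dist, ifaces in sorted(standard.items()):
        if len(ifaces) > 3:
            findings.append(f"distance {dist}: {len(ifaces)} equal-cost default routes (max 3)")
        if len(set(ifaces)) > 1:
            findings.append(f"distance {dist}: equal-cost default routes on different "
                            f"interfaces: {', '.join(sorted(set(ifaces)))}")
    if len(tunneled) > 1:
        findings.append(f"{len(tunneled)} tunneled default routes (only one allowed)")
    for ifname in sorted(set(tunneled) & urpf):
        findings.append(f"unicast RPF enabled on tunneled route egress interface {ifname}")
    return findings


if __name__ == "__main__":
    for finding in audit_default_routes(SAMPLE_CONFIG):
        print(finding)
```

Default routes with different administrative distances are not equal cost, so the audit groups them by distance before applying the three-entry and same-interface checks.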
The ASA automatically routes IPv6 traffic between directly connected hosts if the interfaces to which the hosts are attached have IPv6 enabled and the IPv6 ACLs allow the traffic.
The default and static routes must be monitored too, and we will now explain how. The route command is used to enter the static or default route that you want for a specified interface.
Using the ip address dhcp command you can obtain the default route through DHCP. To track the default route obtained through PPPoE, the command used is hostname(config-if)# ip address pppoe setroute. PPPoE clients can be set on multiple interfaces with route tracking.
One common problem with static routes is that there is no way to find out whether the route is up or down. They tend to remain in the routing table even after the next-hop gateway becomes unavailable.
It is easier to configure the default route in global configuration mode. The ip default-network command is generally used for setting the route. After setting the default route you must also verify it. This can be done using the show ip route command, which lets you check the route that you just added and confirm that it is correct.
This is more or less all that you need to know about the topic “Configure and verify default routing” from the exam point of view. We hope that this will help you to prepare better for the exam and get a good score.