Cisco administration 101: What you need to know about default routes

Default routes tell routers and switches where to send traffic when their routing table has no specific route for the destination. David Davis reviews the basics of default routes, explains how to configure a static route, and tells you how to distribute a default route.

Just as a PC has a default gateway to get to its local router -- and therefore to the Internet -- many routers and switches also have default routes to access networks that aren't local. Default routes are a special type of route -- and an important part of IP routing. Understanding how and when to use default routes is imperative to proper network setup.

Think of a default route as a "gateway of last resort." This special route tells computers or other routers to send traffic to the default route's next hop if they don't have a more specific route. Without a default route, a router will drop a packet destined for a network that isn't in its routing table and send an ICMP Destination Unreachable message to the source of the traffic.

Here's a simple example: Our PC has an IP address of 192.168.1.100 and a subnet mask of 255.255.255.0. Let's say we want to talk to a server on the LAN, which has an IP address of 192.168.1.200.

For this, we actually don't need a default route or default gateway configured on the PC. However, as soon as we want to talk to any other device not on the 192.168.1.0 network, we'll need to go to the default gateway/route -- for example, one at 192.168.1.1.

When talking about default gateways on PCs and default routes on routers and switches, it's important to differentiate between the two. A PC only connects to the network with a single interface, and it isn't a router; a switch (unless it's a Layer 3 switch) fits into the same category as the PC.

On the other hand, a router -- as long as it's really routing and not bridging -- has multiple interfaces. It uses a default route to know where to send traffic that isn't on one of the known networks.

Examples of default routes

Many times, people call default routes 0/0 routes because these routes have an IP address of 0.0.0.0 and a subnet mask of 0.0.0.0. This basically says, "For any IP address that has any subnet mask, send it my way."

What does a default route look like in a router's routing table? Here's an example:

Router# show ip route
<…truncated…>

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

C    192.168.1.0/24 is directly connected, FastEthernet4
S*   0.0.0.0/0 [254/0] via 192.168.1.1

Here's what it looks like on a PC:

C:\> ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.105
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
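The forwarding decisions described so far, for the PC and for the router, as an added Python example (not from the original article). It uses the addresses from the text; the 10.20.0.0/16 route, its next hop 192.168.1.254 and the destination 198.51.100.7 are constructed for illustration.

```python
import ipaddress

def host_next_hop(ip, mask, gateway, dst):
    """PC logic: on-link destinations are reached directly; everything
    else is handed to the default gateway."""
    lan = ipaddress.ip_interface(f"{ip}/{mask}").network
    if ipaddress.ip_address(dst) in lan:
        return dst        # same subnet: no gateway needed
    return gateway        # off-subnet: send to the default gateway

def router_lookup(table, dst):
    """Router logic: longest-prefix match. 0.0.0.0/0 matches every address
    but has prefix length 0, so it wins only when nothing else matches."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return "drop; send ICMP Destination Unreachable to source"
    net, target = max(matches, key=lambda r: r[0].prefixlen)
    tag = " (gateway of last resort)" if net.prefixlen == 0 else ""
    return f"{net} -> {target}{tag}"

def build(entries):
    return [(ipaddress.ip_network(p), t) for p, t in entries]

# The two routes from the article's "show ip route" output, plus one
# constructed static route to show a more specific prefix beating 0/0.
TABLE = build([
    ("192.168.1.0/24", "FastEthernet4 (connected)"),
    ("10.20.0.0/16", "via 192.168.1.254"),   # constructed for this example
    ("0.0.0.0/0", "via 192.168.1.1"),
])
NO_DEFAULT = [r for r in TABLE if r[0].prefixlen != 0]

if __name__ == "__main__":
    pc = ("192.168.1.100", "255.255.255.0", "192.168.1.1")
    print(host_next_hop(*pc, "192.168.1.200"))
    print(host_next_hop(*pc, "198.51.100.7"))
    for dst in ("192.168.1.200", "10.20.3.4", "198.51.100.7"):
        print(dst, "=>", router_lookup(TABLE, dst))
    print("198.51.100.7 =>", router_lookup(NO_DEFAULT, "198.51.100.7"))
```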

How to obtain a default route

While you can't tell it from the output, we obtained both the default route and default gateway in our examples via Dynamic Host Configuration Protocol (DHCP). There are actually three ways to obtain a default route.

  1. Configure a static route.
  2. Receive a default route from another router through a routing protocol (not usually used on a PC).
  3. Receive a default route via DHCP.

For more information on the differences among the three, check out Cisco's Configuring a Gateway of Last Resort Using IP Commands documentation.

While you can use the ip default-network command to set a default route on a router, I recommend just creating a static route using the ip route command. Here's an example of configuring a default route on a router or switch:

Router(config)# ip route 0.0.0.0 0.0.0.0 1.1.1.1

Here's what this command says: For all traffic that doesn't go to one of the locally connected networks, forward it to the router at IP address 1.1.1.1. (Of course, the router also has to know how to get to that IP address, so make sure you specify one of your connected networks on one of the router's interfaces.)

How to distribute a default route with a routing protocol

Let's say you want to use your core router to tell all other routers that they should come through this core router if they have any network that they can't access. When it comes to configuring this, each routing protocol is different, so you may want to check Cisco documentation for some help.

For this example, let's use the Routing Information Protocol (RIP). First, we could check out Cisco's Configuring Routing Information Protocol documentation, which offers a couple of options.

In my opinion, our best option is to use the default-information originate command to send a default route to another router. Here's an example (which assumes we've already configured RIP):

Router(config)# router rip
Router(config-router)# default-information originate

This sends the default route to all other RIP routers (as shown above in the first example).
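A default route learned from a routing protocol decides where all otherwise-unrouted traffic goes, so it is worth checking that each router installed the default you intended. The following added Python example (not from the original article) parses `show ip route` text and compares the 0.0.0.0/0 entry with an expected source code and next hop; the RIP sample output and its 10.0.0.x addresses are constructed.

```python
import re

# First line of a default-route entry in "show ip route": a source code
# (S = static, R = RIP), the candidate-default "*", then 0.0.0.0/0.
DEFAULT_RE = re.compile(r"^(?P<code>[A-Z])\*\S*\s+0\.0\.0\.0/0\b")
VIA_RE = re.compile(r"\bvia (\d+\.\d+\.\d+\.\d+)")

def default_next_hops(show_ip_route):
    """Return [(code, next_hop), ...] for every path of the 0.0.0.0/0 entry,
    including indented continuation lines that list additional paths."""
    hops, code = [], None
    for line in show_ip_route.splitlines():
        m = DEFAULT_RE.match(line)
        if m:
            code = m["code"]
        elif not line.startswith(" "):
            code = None                   # a different entry has started
        if code:
            hops += [(code, nh) for nh in VIA_RE.findall(line)]
    return hops

def audit_default_route(show_ip_route, expected_code, expected_next_hop):
    """Compare the installed default route with the intended design.
    Returns a list of findings; an empty list means the table matches."""
    hops = default_next_hops(show_ip_route)
    if not hops:
        return ["no default route: unmatched destinations will be dropped"]
    findings = []
    for code, nh in hops:
        if code != expected_code:
            findings.append(f"default via {nh} has source code {code}, expected {expected_code}")
        if nh != expected_next_hop:
            findings.append(f"unexpected default next hop {nh}, expected {expected_next_hop}")
    return findings

# From the article's first example.
ARTICLE_OUTPUT = """\
Gateway of last resort is 192.168.1.1 to network 0.0.0.0

C    192.168.1.0/24 is directly connected, FastEthernet4
S*   0.0.0.0/0 [254/0] via 192.168.1.1
"""
# Constructed: a RIP router whose table holds a second, unplanned default path.
RIP_OUTPUT = """\
Gateway of last resort is 10.0.0.1 to network 0.0.0.0

R*   0.0.0.0/0 [120/1] via 10.0.0.1, 00:00:12, FastEthernet0/0
               [120/1] via 10.0.0.77, 00:00:05, FastEthernet0/0
"""

if __name__ == "__main__":
    print(audit_default_route(ARTICLE_OUTPUT, "S", "192.168.1.1"))
    print(audit_default_route(RIP_OUTPUT, "R", "10.0.0.1"))
```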

How familiar are you with default routes? Do you use them on your routers and switches? How do you distribute default routes to your routers? Share your methods in this article's discussion.

David Davis has worked in the IT industry for 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.

16 comments
norm44

//ISP file // router 3
en
config t
hostname ISP
no ip domain-lookup
no logging console
enable password cisco
enable secret class
banner motd #ISP Router#
line con 0 15
password cisco
login
line vty 0 4
password cisco
login
privilege level 15
login local
transport input telnet
transport input ssh
exit
ip domain-name customer.com
crypto key generate rsa 768
exit
int s0/0/0
ip address 209.165.200.2 255.255.255.0
encapsulation ppp
clock rate 64000
no shut
int s0/1/0
ip address 209.165.100.2 255.255.255.0
encapsulation ppp
clock rate 64000
no shut
ip route 192.168.20.0 255.255.255.0 209.165.200.1
wr
sh run

/// public // router 1
en
config t
hostname Public
no ip domain-lookup
no logging console
enable password cisco
enable secret class
banner motd #Public Router#
line con 0
password cisco
login
exit
line vty 0 15
password cisco
login
privilege level 15
login local
transport input telnet
transport input ssh
exit
ip domain-name customer.com
crypto key generate rsa 768
int s0/0/0
ip address 209.165.200.1 255.255.255.0
encapsulation ppp
no shut
ip nat inside source static 192.168.20.252 209.165.200.254
int fa0/0
ip address 192.168.20.1 255.255.255.0
no shut
exit
ip route
wr
sh run

/// CUSTOMER /// router 0
en
config t
hostname CUSTOMER
no ip domain-lookup
no logging console
enable password cisco
enable secret class
banner motd #CUSTOMER Router#
line con 0
password cisco
login
exit
line vty 0 15
password cisco
login
privilege level 15
login local
transport input telnet
transport input ssh
exit
ip domain-name customer.com
crypto key generate rsa 768
int s0/0/0
ip address 209.165.100.2 255.255.255.0
encapsulation ppp
no shut
ip nat outside
ip nat inside source static 192.168.10.124 209.165.100.200
int fa0/0
ip address 192.168.10.1 255.255.255.192
no shut
ip nat inside
int fa0/1
ip address 192.168.10.65 255.255.255.192
no shut
ip nat inside
exit
ip route 0.0.0.0 0.0.0.0 209.165.100.1
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.10.62
ip dhcp excluded-address 192.168.10.61
ip dhcp pool Lan_1
network 192.168.10.0 255.255.255.192
default-router 192.168.10.1
dns-server 192.168.10.61
exit
access-list 1 permit any
ip nat inside source list 1 interface serial 0/0/0 overload
wr
sh run

////switch 1 publicSwitch
en
config t
no ip domain-lookup
no logging console
hostname publicSwitch
enable password cisco
enable secret class
line con 0
password cisco
login
line vty 0 15
password cisco
login
privilege level 15
login local
transport input telnet
transport input ssh
exit
ip domain-name customer.com
crypto key generate rsa 768
int vlan 1
ip address 192.168.20.254 255.255.255.0
no shut
exit
ip default-gateway 192.168.20.1

////switch 2 lan_1_Switch
en
config t
no ip domain-lookup
no logging console
hostname lan_1_Customer_Switch
enable password cisco
enable secret class
line con 0
password cisco
login
line vty 0 15
password cisco
login
privilege level 15
login local
transport input telnet
transport input ssh
exit
ip domain-name customer.com
crypto key generate rsa 768
int vlan 1
ip address 192.168.10.62 255.255.255.192
no shut
exit
ip default-gateway 192.168.10.1

norm44

Start with router 1
enable
configure terminal
hostname R1
enable password 111111
enable secret 111111
line con 0
password 111111
login
exit
line vty 0 15
password 111111
login
exit
banner motd # This is my MOTD#
no ip domain-lookup
no logging console

Fast Ethernet
interface fa 0/0
desc Fast internet 0/0 for network ??.??.??.??
ip address 172.16.0.1 255.255.0.0
description R1 gateway
ip nat inside
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 172.17.0.2
ip dhcp excluded-address 172.16.0.1 172.16.0.5
ip dhcp pool pool1
network 172.16.0.0 255.255.0.0
default-router 172.16.0.1
end
copy run start

Repeat for router 2

Serial on R1
interface serial 0/0/0
Desc Serial 0/0/0 for network ??.??.??.??
ip address 172.17.0.1 255.255.0.0
no shutdown
ip nat outside
clockrate xxxxx (where xxxxx equals the baud rate you wish to set)

Repeat for serial on R2

router rip
version 2
network 192.168.0.0

Telnet (routers need console and vty lines configured to access with telnet)
telnet (interface ip address)
Ctrl+Shift+6 x to pause telnet connection
Enter to resume last connection or Resume (number of connection) ie Resume 2

Configuring the Vlan on a switch
enable
configure terminal
interface vlan 1
ip address 192.168.1.2 255.255.255.0
no shutdown
description Switch 1
exit
ip default-gateway 192.168.1.1
end
copy run start

norm44

Start with router 1
enable
configure terminal
hostname R1
enable secret 111111
line con 0
password 111111
login
exit
line vty 0 15
password 111111
login
exit
banner motd # This is my MOTD#
no ip domain-lookup
no logging console

Fast Ethernet
interface fa 0/0
desc Fast internet 0/0 for network ??.??.??.??
ip address 172.16.0.1 255.255.0.0
description R1 gateway
ip nat inside
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 172.17.0.2
ip dhcp excluded-address 172.16.0.1 172.16.0.5
ip dhcp pool pool1
network 172.16.0.0 255.255.0.0
default-router 172.16.0.1
end
copy run start

Repeat for router 2

Serial on R1
interface serial 0/0/0
Desc Serial 0/0/0 for network ??.??.??.??
ip address 172.17.0.1 255.255.0.0
no shutdown
ip nat outside
clockrate xxxxx (where xxxxx equals the baud rate you wish to set)

geleftheriou

I use the default route 0.0.0.0 0.0.0.0 on all my stub routers. For the other default routes that I set on my main router, I use redistribute static to advertise them to other routers.

abkaniki

I will tag it on my space, thanks.

newbuntu

I'm studying for CCNA. I have some observations and questions on the switch IP and default route. I'd like to verify if my understanding is correct. Any feedback is welcome.

  1. A layer 2 switch doesn't need an IP address (therefore no need for default route) to function.
  2. Given 1) above, then what's the purpose of an IP and a default route for a layer 2 switch? Here is my understanding:
     a) One obvious purpose of a switch IP is for remote access (telnet). Besides this, does it have any other purpose?
     b) A layer 2 switch doesn't do routing. If telnet is the only purpose (I suspect I am wrong on this assumption), then why does it need a default route? Unless we think of the switch as a host (like a PC has its IP and default route), in this scenario, the switch is not performing any switching functions per se.
     c) A switch pretty much acts on its MAC table, which maps port number (f0/1, 2 etc) to a MAC address. My understanding is that by the time a packet arrives at a switch, the destination is represented as a MAC address. Destination IP (which is wrapped inside the packet) is never a concern for the switch. Am I wrong on this one?

kukkudi

It's very much useful

ddavis

Hi newbuntu, You are absolutely correct. The only purpose for a default gateway on a L2 switch is for remote management. So, yes, you can think of the L2 switch just like a PC host in this situation. Both the PC and the L2 switch need a default gateway so that they can communicate outside their LAN. Thanks for reading TechRepublic! -David

Triathlete1981

i'm not a ccie, just a lowly ccna, but the guy who responded after my initial comment when he mentioned stub networks was right on the money. undoubtedly there's stuff about cisco i don't know when you're talking about the ccie level, but some of the core principles about routing protocols don't really change. and besides, if this was meant to help people, he should start at a very basic level, include some commands (rip commands if he wanted to go that route - that's a pun) and then explain in simpler terminology what he was trying to explain.

Triathlete1981

for starters, i am a ccna... and what was the point of this guy's post? he wanted to tell us about default routes? he didn't explain what a default route is, how to configure it, in what instances you can configure it, what instances you can't configure it, the commands to configure it, etc. all he showed was that you can configure one. woop-de-doo! thank you dave for your insightful but useless article. how bout next time telling people the actual commands in config mode to set up a default route. and why would you want to set up a default route anyway if you're using rip as a routing protocol? and why would you even use rip? unless your routers are all multi-vendors, rip's basically useless. too few hops. use ospf instead. fyi, default routes are really not worth even putting in unless your network is real small and you are setting up static routes to everywhere (idiotic).

ddavis

I appreciate everyone's feedback on this article. As the title said with the "cisco administration 101", this was meant to be an introductory article. Thus, it won't apply to everyone out there. Let me give you a little background on why I wrote this article. I had two questions from novice Cisco folks out there that spawned this. Question 1 - why can't I access the Internet through my PIX? After this person posted their configs and I reviewed them, I found that he had everything right but didn't have a default route set to point to his ISP's router. Question 2 - this cisco user contacted me about how he could put a cisco router behind his low-end linksys/dlink/netgear router and exchange routes. Usually, these low end routers only offer RIP. Thus, I offered advice on how these two devices could exchange routes. In both cases, the person was interested in getting out to the Internet from a small network. In cases like that you are going to be using a default route. Default routes are also typically injected into dynamic routing protocols (no matter what protocol you use - RIP, EIGRP, OSPF, BGP, etc) so that remote sites can get back to a central network (and usually to the Internet from there). Thus - the idea for an introductory article on what a default route is and how to configure one was spawned. This article was meant to answer both of those basic questions. To those who didn't find the article useful, I suspect that it was because your level of knowledge is higher than the "101 level". To those TechRepublic Members I ask that you suggest what article topics you *would* like to read about. We like to do a mix of basic, intermediate, and advanced articles. I am always open to article topic ideas! In fact, today, I am working on a great new article that fits more into the intermediate/advanced level. I think that the type of readers who didn't find this article useful will find that article useful. On the other hand, it could leave some of our "101 level" readers posting discussions like "that's too complex for me". But, that is the great thing about TechRepublic, there is something for everyone here! Thanks for reading TechRepublic! -David

domiller0550

Default routes are used to direct packets addressed to networks not explicitly listed in the routing table. Default routes are invaluable in topologies where learning all the more specific networks is not desirable, as in the case of stub networks, or not feasible due to limited system resources such as memory and processing power.

ivan.ivanbaby

This article is getting more and more informative with the comments.

don.radick

The original article was written by a CCIE, but, man, it was messed up! Per the article: Router(config)# ip route 0.0.0.0 0.0.0.0 1.1.1.1 Here's what this command says: For all traffic that doesn't go to one of the locally connected interfaces, forward it to the router at IP address 1.1.1.1. (Of course, the router also has to know how to get to that IP address, so make sure you specify one of your connected networks on one of the router's interfaces.) Well, actually, NO! How many errors can this guy make in one paragraph? The default route tells the router where to send a packet if the packet destination cannot be resolved via the IP routing table. (NOTE, not local interface, dude) Yes, the router must be able to reach the listed IP address in the static route, but there are specific reasons why you might need to make that a local interface, and there are specific reasons why you may need to make that a "next hop" neighbor router interface. As to RIP, I agree with the other comments. Each IP routing protocol does something different with default routes, and no one uses rip anymore.