Default gateway on Cisco IOS

On Cisco hardware, or at least on most of the IOS family, there are three ways of specifying a default gateway. Let us look into that:

ip default-gateway
ip default-network
and ip route 0.0.0.0 0.0.0.0

The ip default-gateway command differs from the other two commands, as it should only be used when ip routing is disabled on the Cisco router, which means most probably never, unless in boot mode. In that case, you can use it to define a gateway so that a Cisco IOS image can be transferred to the router over TFTP. Apparently, the router does not have ip routing enabled in boot mode.

***

ip default-network

So, unless in boot mode, you should probably be using the ip default-network command. When you configure ip default-network, the router considers routes to that network for installation as the gateway of last resort.

For every network configured with ip default-network, if a router has a route to that network, that route is flagged as a candidate default route.

show ip route
Gateway of last resort is not set
161.44.0.0/24 is subnetted, 1 subnets
C 161.44.192.0 is directly connected, Ethernet0
131.108.0.0/24 is subnetted, 1 subnets
C 131.108.99.0 is directly connected, Serial0
S 198.10.1.0/24 [1/0] via 161.44.192.2

ip default-network 198.10.1.0
show ip route

Gateway of last resort is 161.44.192.2 to network 198.10.1.0
161.44.0.0/24 is subnetted, 1 subnets
C 161.44.192.0 is directly connected, Ethernet0
131.108.0.0/24 is subnetted, 1 subnets
C 131.108.99.0 is directly connected, Serial0
S* 198.10.1.0/24 [1/0] via 161.44.192.2

The gateway of last resort is now set as 161.44.192.2. This result is independent of any routing protocol, as shown by the show ip protocols command at the bottom of the output. This can help you solve some tricky connectivity scenarios, as well as utilize two (or even more) routing protocols for default gateway redundancy.

You can add another candidate default route by configuring another instance of ip default-network:

ip route 171.70.24.0 255.255.255.0 131.108.99.2
ip default-network 171.70.24.0
show ip route

Gateway of last resort is 161.44.192.2 to network 198.10.1.0
171.70.0.0/16 is variably subnetted, 2 subnets, 2 masks
S 171.70.0.0/16 [1/0] via 171.70.24.0
S 171.70.24.0/24 [1/0] via 131.108.99.2
161.44.0.0/24 is subnetted, 1 subnets
C 161.44.192.0 is directly connected, Ethernet0
131.108.0.0/24 is subnetted, 1 subnets
C 131.108.99.0 is directly connected, Serial0
S* 198.10.1.0/24 [1/0] via 161.44.192.2

However, the change did not take effect: the gateway of last resort is still 161.44.192.2. That is because there is a potential pitfall with the ip default-network command – it is classful. Due to this, the command must be issued again, using the major net, in order to flag the candidate default route. Kind of like a recursive default-network path.

ip default-network 171.70.0.0
show ip route

Gateway of last resort is 171.70.24.0 to network 171.70.0.0
* 171.70.0.0/16 is variably subnetted, 2 subnets, 2 masks
S* 171.70.0.0/16 [1/0] via 171.70.24.0
S 171.70.24.0/24 [1/0] via 131.108.99.2
161.44.0.0/24 is subnetted, 1 subnets
C 161.44.192.0 is directly connected, Ethernet0
131.108.0.0/24 is subnetted, 1 subnets
C 131.108.99.0 is directly connected, Serial0
S* 198.10.1.0/24 [1/0] via 161.44.192.2

As the Cisco documentation describes this interesting ‘hack’, if the original static route had been to the major network, the extra step of configuring the default network twice would not have been necessary. As you can see, this may have implications if your dynamic routing protocol is advertising networks with a subnet mask longer than the classful one. Proceed with care, and lab and test any configuration change before deploying it in a production network. It is always easy to roll back with a quick ip route 0.0.0.0, but if you’re troubleshooting from afar, never take the risk of cutting yourself off. Should you have no other choice, a scheduled reload may help you in such a case.

Let us test the fallback mechanism of the ip default-network command. If we are to remove a route to the particular default network, the router selects the other candidate default. Let’s try it:

no ip route 171.70.24.0 255.255.255.0 131.108.99.2
show ip route

Gateway of last resort is 161.44.192.2 to network 198.10.1.0
161.44.0.0/24 is subnetted, 1 subnets
C 161.44.192.0 is directly connected, Ethernet0
131.108.0.0/24 is subnetted, 1 subnets
C 131.108.99.0 is directly connected, Serial0
S* 198.10.1.0/24 [1/0] via 161.44.192.2

 

Of course, there’s always the good old ip route command.

Creating a static route to network 0.0.0.0 0.0.0.0 is another way to set the default gateway on almost any layer 3 device.

Most network engineers think that a static route using the ip route command takes precedence over any other route, but there is an exception.

As stated by the Cisco documentation:
If you use both the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to configure candidate default networks, and the network used by the ip default-network command is known statically, the network defined with the ip default-network command takes precedence and is chosen for the gateway of last resort. Otherwise if the network used by the ip default-network command is derived by a routing protocol, the ip route 0.0.0.0 0.0.0.0 command, which has a lower administrative distance, takes precedence and is chosen for the gateway of last resort. If you use multiple ip route 0.0.0.0 0.0.0.0 commands to configure a default route, traffic is load-balanced over the multiple routes.

So, to sum it up, if there is a default-network statement, and it points to a statically defined network, it overrides the ip route 0.0.0.0 0.0.0.0 command. Plain and simple.
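The two pitfalls covered above (the classful behavior of ip default-network, and its precedence over ip route 0.0.0.0 0.0.0.0 when the default network is statically known) can be checked offline against a saved configuration. The following Python script is an added example, not part of the original post or of any Cisco tooling; the sample config is constructed from the commands used in this article, and the 161.44.192.1 next hop, the function names and the finding labels are assumptions made for illustration.

```python
import ipaddress

# Constructed sample config: the article's commands plus a hypothetical
# ip route 0.0.0.0 0.0.0.0 next hop (161.44.192.1 is not from the article).
SAMPLE_CONFIG = """\
ip route 198.10.1.0 255.255.255.0 161.44.192.2
ip default-network 198.10.1.0
ip route 171.70.24.0 255.255.255.0 131.108.99.2
ip default-network 171.70.24.0
ip route 0.0.0.0 0.0.0.0 161.44.192.1
"""

def major_net(addr):
    """Classful (class A/B/C) major network that contains addr."""
    first = int(addr.split(".")[0])
    if not 1 <= first <= 223:
        raise ValueError(f"{addr} is not a class A, B or C address")
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)

def audit(config):
    """Return (kind, default_network, detail) findings for an IOS config."""
    statics, defaults, quad_zero = set(), [], False
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["ip", "route"] and len(w) >= 5:
            if w[2:4] == ["0.0.0.0", "0.0.0.0"]:
                quad_zero = True
            else:
                statics.add(w[2])
        elif w[:2] == ["ip", "default-network"] and len(w) == 3:
            defaults.append(w[2])
    findings = []
    for net in defaults:
        major = major_net(net)
        if net != major:
            if major not in defaults:
                # Classful pitfall: a subnet is not flagged as a candidate
                # default until the command is repeated for the major net.
                findings.append(("needs-major-net", net, major))
        elif quad_zero and net in statics:
            # Per the Cisco text quoted in the article: a statically known
            # default network wins over ip route 0.0.0.0 0.0.0.0.
            findings.append(("overrides-static-default", net,
                             "ip route 0.0.0.0 0.0.0.0"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep="  ")
```
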

Summary

When in doubt, always check the documentation first 🙂
The ip default-gateway command should only be used when ip routing is disabled on a Cisco router. In any other case, use either the ip default-network or ip route 0.0.0.0 0.0.0.0 commands to set the gateway. Just take care with the classful behavior of the former command.
