The CCNA (CCNA v2.0) or ICND2 (ICND2 v2.0) requires a candidate to have knowledge of how routing works in IOS. Although an advanced level of understanding is not expected at the associates level, it is expected that you have an understanding how routing works and how packet flows between hosts when they are getting routed. You should know concepts like administrative distance and default routes. After reading this article, you will learn how routing works in IOS and be able to configure basic routing like static and default routes.

CCNA Training – Resources (Intense)

The different planes of a router

Before getting started, it’s important to know conceptually how a networking device functions. Generally a router or a switch can be divided into three different planes.

Management plane – The device has to be managed in some way. Usually this will be done via SSH or Telnet. Then there are other protocols like SNMP and Netflow that can be used to extract data from the device.

Control plane – These are all the protocols that are used to populate different tables that are needed to achieve forwarding. This can be OSPF, BGP, LDP, ARP and so on.

Data plane – This is where the actual forwarding takes place. If the control plane is not working, then obviously the data plane can’t function either.

The tables of a router

A router’s job is to route packets. To be able to do this, it must know how to forward packets. The router populates its routing table via static routes and/or dynamic protocols. The best routes get installed into the global routing table. This is referred to as the Routing Information Base (RIB). To be able to encapsulate the packets, the router must also populate the adjacency table; for Ethernet, this will be done through ARP. If frame relay is involved, then this would be the DLCI instead. This all happens in the control plane.

The Forwarding Information Base (FIB) is then populated from the information in the RIB and the ARP cache and frame relay DLCI mappings, etc. All the information needed to forward packets is in the FIB which speeds up the routing process. This is now a function of the data plane.

Connected routes

Connected routes are those routes that are local to the router. These interfaces are directly connected and can be Serial, Ethernet, loopbacks and so on. These will always have an administrative distance of 0. We can see all the connected routes of a router by using the ‘show ip route connected’ command.

Looking at the output, we notice a few things. All these routes are known as directly connected which means that they are local to the router. “ is subnetted” means that we are using a different mask than the classful one which would be /8. Sometimes we can also see that a network is variably subnetted. IOS will output this if we are using different network masks for a major network. I will demonstrate this by adding on a loopback interface.

Static routes

Static routes are routes that are entered manually by the administrator. They don’t adapt to network events, and they will always stay in the routing table as long as the outgoing interface is in up status. Static routes have an administrative distance of 1 by default.We can change this if needed. To enter a static route, we need to know the network including the network mask and the next-hop or outgoing interface towards the destination.

To demonstrate static routes, the following topology will be used:

R1 needs to reach the loopback of R4 which has an IP of The next-hop to reach the loopback is, which is the IP address of R2.

The route was entered with a host specific mask, but a /24 or other mask could have been used as well. The [1/0] means that the administrative distance is 1 and the metric is 0. The next-hop is, but the way IOS works is it always looks for the outgoing interface. This can be found by doing show ‘ip route’ which will point to Fa0/0.

‘Show ip route’ shows what the control plane has learned and ‘show ipcef’ shows what the data plane is using for forwarding. CEF has recursed the outgoing interface which can be seen by the “recursive” in the output.

The static route could have been entered with the outgoing interface instead of the next-hop. What is the difference? We change the route to point to the outgoing interface instead.

From the ‘show ip route’ output, the route is now shown as directly connected. This has led to the myth that static routes pointing at an outgoing interface have an AD of 0, which is not true and can be seen by the “distance 1” from the output. The CEF output shows the route as attached instead of recursive.

Just pointing a static route to an outgoing interface has one major drawback. Because IOS sees the route as connected, it will ARP for the destination. In reality the route is not really connected of course, and this may lead to reachability issues, especially if proxy ARP is disabled in the network. From the output below we can see that R1 ARPs for the destination and that R2 is responding with its MAC address because it has proxy ARP enabled (default).

If proxy ARP was disabled on R2, then the ping would not go through at all due to encapsulation failing. If the link was point-to-point, then there would be no issues, so a serial interface with HDLC or PPP encapsulation would work fine in this case. As a general rule, only use the outgoing interface if it is a point-to-point interface; otherwise, define both the outgoing interface and the next-hop. This will stop the router from ARPing for the destination.

Static default routes

Static default routes are mainly used for Internet connectivity. Take a look at the following topology:

There is a corporate router which has a single WAN connection to the ISP. In this case it makes sense to have a static default route because there is only one way out of the network. What the default route does is to say that anything that I don’t know of specifically, send it towards the ISP. It is then the responsibility of the ISP to route the traffic onwards.

A static default route is entered with the following syntax:

ip route

This is the 0/0 network and for any destinations the router does not know of it will send towards This requires that ‘ip classless’ is configured but this has been the default for a long time now. The /0 mask means that all hosts will match this supernet.

Selecting between routes

In some cases there may be multiple routes to reach a destination. How does IOS choose? Let’s say that we want to send packets to and there are two routes in the routing table. There is a static route to and an OSPF route Which is the preferred one?

Many will be tempted to choose the static route because of the administrative distance but that would be incorrect. IOS always looks for the longest match first which would be the OSPF route. Only if the routes are equally long will the AD decide which to use. If the AD is the same, then the metric will decide which one is best. If the metric is also a tie, there could be load sharing depending on the number of maximum routes allowed. This table shows the administrative distance of the most common protocols.

Protocol Administrative distance
Connected 0
Static 1
eBGP 20
OSPF 110
ISIS 115
RIP 120
EIGRP external 170
iBGP 200

Packet flow

For the CCNA exam and for all networking, it’s important to get an understanding of packet flows and to visualize the packets being forwarded through the networking devices. To practice this, we use the same topology as before.

By turning off routing on R1 and R4, we can make them act like hosts. They will then be configured with the ‘ip default-gateway’ command pointing at R2 and R3 respectively. R2 and R3 are running OSPF.

R1 will try to ping, which is the IP address of R4. Here are the steps that R1 will take:

  1. Check if the IP destination is local or remote. This is done by looking at the network mask which is The first 24 bits of the IP source ( are compared to and since they are different the destination must be remote.
  2. Check ARP cache if there is a mapping for, which is the default gateway.
  3. If ARP cache is empty, send ARP request asking for the MAC address of R2.
  4. R2 responds and R1 now has the mapping.
  5. R1 sends the packet with <SRC MAC = R1><DST MAC = R2><SRC IP = R1><DST IP = R4>.

The source and destination IP does not change in the entire packet forwarding but the source and destination MAC address will.

  1. Packet reaches R2 which does a routing lookup (CEF) for It is known via OSPF and the next-hop is
  2. Packet is rewritten with the information from the adjacency table (CEF) so the packet now looks like <SRC MAC = R2><DST MAC = R3><SRC IP = R1><DST IP = R4>.
  3. Packet reaches R3 which does a routing lookup (CEF) to find This network is connected to R3 and it knows to send it out the interface.
  4. Packet finally arrives at R4. R4 needs to respond and learns that the source of the packet is remote by the same bitwise comparison as R1 did.
  5. R4 checks ARP cache for the MAC address of R3. It should be there because R3 has already sent traffic towards R4.
  6. R4 sends the packet and the process repeats itself in the reverse direction.

So the most important thing to remember is that the source and destination IP remains the same during the packet forwarding, but the layer 2 frames must be rewritten so that proper encapsulation can take form.


The CCNA certification requires a basic knowledge of routing and routing protocols. Routers use the control plane, data plane and management plane to forward packets and administrate the router. The control plane routing table is known as the RIB and the forwarding table is known as the FIB (CEF). Connected routes are local to the router and have an AD of 0. Static routes point to a next-hop or an outgoing interface and have an AD of 1. A static default route covers anything not matched previously by a longer match. The longer match always wins and the second tiebreaker is the AD.

For the CCNA, it’s important to understand how the packets flow and when and if the encapsulation is altered along the way. By reading this article, you should now have a good understanding of how routing works in IOS and know how to use static and default routes.


  1. Cisco IP Routing: Packet Forwarding and Intra-domain Routing Protocols – Alex Zinin
  2. Cisco Express Forwarding – NakiaStringfield, Russ White, Stacia McKee