Solved

default route on Cisco router with 2 serial interfaces

Posted on 2007-03-29
15
450 Views
Last Modified: 2012-06-27
I have a Cisco router with 2 serial interfaces, one used for interoffice WAN connectivity and one used for an Internet connection.  Is there a way to set a default route that is applicable only to the serial interface for the Internet connection?  I'm curious how a default route will affect traffic to the interoffice WAN connection.  Thanks

0
Comment
Question by:cahelmster
15 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 18819408
You would have two route statements
 ip route 0.0.0.0 0.0.0.0 serial 0/0  <== default interface
 ip route x.x.x.x 255.255.255.0 serial 0/1  <== remote office

Routes take the most bits match so as long as you have a more explicit route to the remote office, it will always take precedence.
0
 

Author Comment

by:cahelmster
ID: 18819443
ok...would the same statements apply if I'm running EIGRP?  Can the remote office route be added without disrupting anything?
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 18819462
If you're running EIGRP then presumably this router already has a route to the remote office? If so, don't add the 2nd route that lrmoore gave you; you don't need it. The default route is all you need.
0
 

Author Comment

by:cahelmster
ID: 18819551
I currently have connectivity to the remote office without any static routes in the config.  I just want to plug in a default route for the Internet connection.
0
 
LVL 28

Assisted Solution

by:mikebernhardt
mikebernhardt earned 250 total points
ID: 18819760
Yup, just add the default route then:
ip route 0.0.0.0 0.0.0.0 [serial interface name]
0
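
Added example, not part of the original thread: a small Python model of the longest-prefix-match rule from the accepted answer, applied to the EIGRP case discussed above. The prefixes, the FastEthernet interface name and the helper names are constructed for illustration; the administrative distances are Cisco's defaults (connected 0, static 1, internal EIGRP 90).

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    out_if: str
    source: str          # "static", "eigrp" or "connected"
    admin_distance: int  # lower wins, but only between routes to the SAME prefix


def route(prefix, out_if, source, admin_distance):
    return Route(ipaddress.ip_network(prefix), out_if, source, admin_distance)


# Constructed routing table: static default out the Internet serial link,
# remote-office subnet learned via EIGRP over the WAN serial link.
RIB = [
    route("0.0.0.0/0", "Serial0/0", "static", 1),
    route("10.20.30.0/24", "Serial0/1", "eigrp", 90),
    route("192.168.1.0/24", "FastEthernet0/0", "connected", 0),
]


def lookup(rib, dst):
    """Return the route a packet to dst would use, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in rib if addr in r.prefix]
    if not candidates:
        return None
    # Longest prefix wins first; administrative distance only breaks ties
    # between candidates with an identical prefix.
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -r.admin_distance))


def withdraw(rib, prefix):
    """Model a route disappearing, e.g. the EIGRP neighbour on the WAN link going down."""
    gone = ipaddress.ip_network(prefix)
    return [r for r in rib if r.prefix != gone]


if __name__ == "__main__":
    for dst in ("10.20.30.7", "8.8.8.8", "192.168.1.10"):
        r = lookup(RIB, dst)
        print(f"{dst:>14} -> {r.out_if} ({r.source} {r.prefix})")
    # With the EIGRP route gone, remote-office traffic falls through to the default.
    r = lookup(withdraw(RIB, "10.20.30.0/24"), "10.20.30.7")
    print(f"{'10.20.30.7':>14} -> {r.out_if} after WAN route loss")
```

The last lookup shows the side effect worth checking on a router that carries both links: when the more specific route is withdrawn, traffic for the remote office follows the default route out the Internet-facing interface.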
 

Author Comment

by:cahelmster
ID: 18819771
cool...thanks to you both
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18819860
Thanks.
BTW, from a security standpoint, it is not healthy to have private PtP links and Internet all on the same router...
0

 

Author Comment

by:cahelmster
ID: 18822782
What risks do I face?  This router was configured by a third-party like that, but I'd like to know what the potential risks are to maybe change the router setup down the road...thanks
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 18824613
It's just a matter of security because the internet is a relatively risky connection, and it makes it easier for someone who manages to find some access to then hop off to your other location. A common design is sometimes called "belt and suspenders," which is an outside router that connects to the internet, then a firewall, then an inside router to the LAN and other locations.
0
 

Author Comment

by:cahelmster
ID: 18826044
hmm...ok, so essentially it would be better to not use the second serial port on the Internet router and just throw in a separate router inside the firewall for the remote office?

Pretty much using both serial ports will work but it shouldn't be configured that way for security reasons?

Thanks

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18826098
Security best practices dictate a "defense in depth" and common practice is to have an Internet-facing edge router, then a firewall, and then an internal router for intranet communications between offices. This keeps all the intranet traffic 'inside the firewall'.
If you have a separate firewall, then using the Internet router to also feed the remote office makes it difficult to route that remote site's traffic through your firewall if you are providing them Internet access.
Internet facing routers are at risk of hackers, with well known vulnerabilities and backdoors. I wouldn't risk my remote office being compromised simply because the edge router was compromised.
At the very least, I would hope your Edge router is monitored, secured against outside threats, and runs some type of firewall features in it.
0
 

Author Comment

by:cahelmster
ID: 18826136
ok...one last question...maybe :)

Disregarding the remote office connection, what's the advantage to doing:  Internet router---firewall---router---LAN switch

as opposed to:  Internet router---firewall---LAN switch

I guess the first option being the 'belt and suspenders' approach...

Thanks
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 18826174
You can do it that way, but you don't have as much flexibility internally (multiple subnets, etc.). Internally, a Layer 3 switch can serve the purpose as well as a dedicated router. But if budget is an issue, I think it's OK.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18826307
Without remote offices/intranet, the primary value of an internal router is L3 routing between VLANs. If you don't have VLANs, then you don't need it.

0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 18826419
You don't often see disagreement between me and lrmoore!   :-)
0
