| CIDR | Subnet Mask | Hosts | Wildcard |
|---|---|---|---|
| /24 | 255.255.255.0 | 254 | 0.0.0.255 |
| /25 | 255.255.255.128 | 126 | 0.0.0.127 |
| /26 | 255.255.255.192 | 62 | 0.0.0.63 |
| /27 | 255.255.255.224 | 30 | 0.0.0.31 |
| /28 | 255.255.255.240 | 14 | 0.0.0.15 |
| /29 | 255.255.255.248 | 6 | 0.0.0.7 |
| /30 | 255.255.255.252 | 2 (point-to-point) | 0.0.0.3 |
show ip route
show ip route 10.20.30.0
ip route 10.20.30.0 255.255.255.0 192.168.1.1
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 10.20.30.0 255.255.255.0 192.168.1.2 210
router ospf 1
network 10.0.0.0 0.0.0.255 area 0
| Source | Default AD | Type |
|---|---|---|
| Directly connected | 0 | Most trusted |
| Static route | 1 | Manual |
| EIGRP (internal) | 90 | Dynamic, Cisco proprietary |
| OSPF | 110 | Dynamic, link-state, open standard |
| RIP | 120 | Dynamic, distance-vector, legacy |
| EBGP | 20 | Dynamic, path-vector, inter-AS |
| Unknown/unreachable | 255 | Never installed |
interface gi0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
interface vlan 10
ip address 192.168.10.1 255.255.255.0
no shutdown
ip routing
Host broadcasts "who has this IP?" on the local segment; the owner replies unicast with its MAC. Result is cached in the ARP table.
show arp / show ip arp
Each router hop decrements TTL by 1. TTL reaching 0 triggers an ICMP Time Exceeded back to the sender — this is how traceroute maps the path.
ip nat inside source static 10.0.0.5 203.0.113.5
ip nat pool NATPOOL 203.0.113.1 203.0.113.10 netmask 255.255.255.0
ip nat inside source list 1 pool NATPOOL
ip nat inside source list 1 interface gi0/0 overload
access-list 10 permit 192.168.1.0 0.0.0.255
interface gi0/1
ip access-group 10 out
access-list 110 permit tcp 192.168.1.0 0.0.0.255 any eq 443
interface gi0/0
ip access-group 110 in
PC compares the destination IP against its own IP + subnet mask. Different subnet → traffic must go to the default gateway, not directly to the destination.
Local routing decisionIf not already cached, PC broadcasts an ARP request for its default gateway's IP. The router replies with its own MAC address.
Layer 2 resolutionPC builds the IP packet: source IP = itself, destination IP = the remote host, TTL set (commonly 64/128), protocol field set. This is wrapped in an Ethernet frame with destination MAC = the gateway's MAC (not the remote host's).
EncapsulationRouter strips the Ethernet header, exposing the IP packet, and checks the destination IP against its routing table.
Layer 3 processingRouter performs a longest-prefix match. If found, it identifies the next-hop IP and correct exit interface; if not, and no default route exists, it drops the packet and returns ICMP Destination Unreachable.
Longest prefix matchRouter decrements TTL by 1. If TTL hits 0, the packet is dropped and an ICMP Time Exceeded is sent back — this is what limits routing loops and powers traceroute.
Loop protectionThe IP packet (source/destination IP unchanged) gets a brand-new Ethernet frame for the next hop — new source MAC (router's outbound interface) and new destination MAC (next router, or the ARP-resolved destination host on the final hop).
Re-framing per hopEvery router in the path repeats steps 4–7. The IP header stays constant end-to-end (aside from TTL); only the Layer 2 framing changes hop by hop.
Hop-by-hopThe last router ARPs for the destination host on its local subnet (if not cached) and delivers the frame directly — the destination host receives it, checks the destination MAC and IP both match, and passes the payload up the stack.
Delivery| Symptom | Likely Cause |
|---|---|
| Can't reach anything off-subnet | Missing/wrong default gateway on host |
| Some remote networks unreachable | Missing route, wrong AD/metric, route not advertised |
| Asymmetric routing / odd latency | Unequal-cost paths, floating static misconfigured |
| NAT translation fails | ACL not matching traffic, pool exhausted, wrong interface roles |
| Traceroute stops mid-path | ACL blocking ICMP, firewall dropping Time Exceeded |
| Check | Command |
|---|---|
| Routing table | show ip route |
| ARP cache | show ip arp |
| NAT translations | show ip nat translations |
| ACL hit counts | show access-lists |
| Path to destination | traceroute x.x.x.x |