Mental model
A router’s routing table is a list of “if destination matches X, send to Y” rules. The most specific match wins. So if you have:
10.0.0.0/24 via R2
0.0.0.0/0 via R-ISP
A packet to 10.0.0.5 matches the first rule (more specific). A packet to 8.8.8.8 doesn’t match the first, falls through to the second.
The second rule — 0.0.0.0/0 — matches everything. It’s the catch-all. Almost every edge router needs one, because no edge router knows every public-internet route (that’s hundreds of thousands of entries).
A default route is also called the gateway of last resort.
Two ways to install a default route
Method 1 — static default route
The classic. Just type it in:
R1(config)# ip route 0.0.0.0 0.0.0.0 203.0.113.1
Read aloud: “for any destination, send to 203.0.113.1.” Simple, reliable, used on 99% of branch and home routers.
Verify:
R1# show ip route 0.0.0.0
Gateway of last resort is 203.0.113.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 203.0.113.1
The S* means “static route, candidate default.” The * is what matters — it’s the candidate of last resort.
Method 2 — let a routing protocol distribute it
In larger networks, only the edge router (which faces the ISP) has the real default. Internal routers learn it via OSPF or EIGRP.
With OSPF:
R-edge(config)# router ospf 1
R-edge(config-router)# default-information originate
This makes R-edge tell its OSPF neighbors “I have a default route, send me anything unknown.” Internal routers install the default with O*E2 in their tables.
With EIGRP:
R-edge(config)# router eigrp 100
R-edge(config-router)# redistribute static
Or, on older IOS:
R-edge(config)# ip default-network 192.168.1.0
Default route vs summary route
These two get confused:
- Default route = 0.0.0.0/0 — matches everything when nothing else does.
- Summary route = aggregating many specific routes into one less-specific entry. E.g.
10.0.0.0/8summarizing 10.1.0.0/24 + 10.2.0.0/24 + …
Both are less specific than alternatives, but a default matches everything not otherwise routed. A summary still only matches a defined range.
Floating default — the backup
If your primary internet path can die, install a second default with higher administrative distance — it kicks in only when the primary disappears:
R1(config)# ip route 0.0.0.0 0.0.0.0 203.0.113.1 ! primary, AD 1
R1(config)# ip route 0.0.0.0 0.0.0.0 198.51.100.1 100 ! backup, AD 100
While the primary is up, only it shows in show ip route. When it fails, the backup automatically appears.
Verification
R1# show ip route
R1# show ip route 0.0.0.0
R1# show ip route 8.8.8.8 ! shows which route actually matches a specific destination
The third one is the most useful for troubleshooting: ask the router exactly which route it would use for a specific destination IP.
Common mistakes
-
Pointing the default to an unreachable next-hop. If
203.0.113.1isn’t reachable from R1, the default appears inshow running-configbut never installs intoshow ip route. Test reachability first. -
Multiple defaults with same AD = unintentional load-balancing. Two
ip route 0.0.0.0 0.0.0.0statements with AD 1 each, pointing at different ISPs → traffic load-balances. Sometimes wanted, sometimes not. Specify distinct AD for active/backup. -
Default route loops. R1’s default points to R2. R2’s default points to R1. Any unknown destination ping-pongs between them until TTL expires. Always trace defaults end-to-end.
-
Forgetting
default-information originatein OSPF. Putting a static default on the edge router doesn’t automatically share it via OSPF. Add the originate command, or internal routers won’t know. -
Wrong subnet/mask spelling.
ip route 0.0.0.0 0.0.0.0 ...is the default.ip route 0.0.0.0 255.0.0.0 ...is not a default — it’s a static for the 0.0.0.0/8 range, which doesn’t really exist. Easy typo, hard to spot. -
Default route in MPLS L3VPN customer-facing. When the provider runs OSPF/EIGRP/BGP with you, your default should come from them, not from you originating one to them. Coordination matters.
Lab to try tonight
- One router connected to a “fake ISP” (another router with a public-IP loopback). Internal LAN behind R1.
- Configure a static default route on R1 pointing to the ISP. Verify with
show ip route 0.0.0.0. - From the LAN, ping the ISP’s public IP. Should work.
- Remove the default. Ping again. Should fail with “Destination host unreachable.”
- Restore the default. Add a backup default with AD 100 pointing to a different ISP. Verify both appear in running-config; only the primary is in
show ip route. - Shut the primary’s outgoing interface. Watch the backup default appear in
show ip route. Bring back the primary, watch the backup disappear. - Bonus: configure OSPF area 0 between R1 and an internal router R2. On R1, add
default-information originate. Verify R2 learns the default withO*E2.
Cheat strip
| Concept | Plain English |
|---|---|
| 0.0.0.0/0 | The default route. Matches anything. |
| Gateway of last resort | Same thing, different name |
| Most specific match wins | More specific routes always beat the default |
| S* | Static candidate default in show ip route |
| O*E2 | OSPF-learned default (external type 2) |
| default-information originate | OSPF command to share your default with neighbors |
| Floating default | Backup default with higher AD |
| AD (Admin Distance) | Lower = more trustworthy. Static=1, OSPF=110, RIP=120. |