Static Summary Route Too Broad — Black Holing Traffic
Presenting Symptom
Traffic destined for a specific subnet is being dropped (black holed) even though a route exists in the routing table.
Network Context
A small branch office with a single router (Cisco 4321, IOS XE 16.9) connected to the corporate WAN via a serial link. The router has a static summary route configured to reach remote subnets, but one specific /24 subnet within the summary range is unreachable. The network uses OSPF internally and static routes for external connectivity.
Diagnostic Steps
Check routing table for the destination subnet
show ip route 10.10.20.0
Routing entry for 10.10.0.0/16, supernet
Known via "static", distance 1, metric 0
* 10.10.0.0/16 is subnetted, 1 subnets
S 10.10.0.0/16 [1/0] via 192.168.1.2
The route shows 10.10.0.0/16, not the specific /24. This indicates the summary route is covering the destination, but there is no more specific route. Traffic for 10.10.20.0/24 will be forwarded based on the summary, which may point to a next-hop that does not have a route for that subnet.
Check the forwarding table (CEF) for the destination
show ip cef 10.10.20.0
10.10.20.0/24, version 123, epoch 0, cached adjacency to 192.168.1.2
0 packets, 0 bytes
via 10.10.0.0/16, 0 dependencies
next hop 192.168.1.2
CEF shows the packet is forwarded using the summary route. If the next-hop router does not have a route for 10.10.20.0/24, traffic will be dropped.
Trace the path to the destination
traceroute 10.10.20.1
Type escape sequence to abort.
Tracing the route to 10.10.20.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.1.2 4 msec 4 msec 4 msec
2 * * *
3 * * *
The traceroute stops at the next-hop router (192.168.1.2) and then times out. This indicates the next-hop router does not have a route for the destination and is dropping the packets.
Check the routing table on the next-hop router
show ip route 10.10.20.0
Routing entry for 10.10.0.0/16, supernet
Known via "static", distance 1, metric 0
* 10.10.0.0/16 is subnetted, 1 subnets
S 10.10.0.0/16 [1/0] via 10.10.0.1
The next-hop router also has only the summary route, pointing back to the original router, creating a routing loop or black hole. This confirms the summary route is too broad and is being propagated incorrectly.
Root Cause
A static summary route 10.10.0.0/16 was configured on the branch router to cover multiple /24 subnets (e.g., 10.10.20.0/24, 10.10.30.0/24). However, one of the subnets (10.10.20.0/24) does not actually exist behind the next-hop router, or the next-hop router does not have a more specific route for it. The summary route causes traffic for that subnet to be forwarded to a router that cannot deliver it, resulting in black holing.
Resolution
Verification
show ip route 10.10.20.0
Expected output:
Routing entry for 10.10.20.0/24
Known via "static", distance 1, metric 0
* 10.10.20.0/24 is subnetted, 1 subnets
S 10.10.20.0/24 [1/0] via 192.168.1.2
Also verify with traceroute: traceroute 10.10.20.1 should now reach the destination successfully.
Prevention
1. Always use the most specific static routes possible; avoid summarization unless you are certain all subnets within the summary are reachable via the same next-hop.
2. Implement route filtering to prevent summary routes from being propagated to routers that do not have the corresponding specific routes.
3. Use dynamic routing protocols (e.g., OSPF) with proper summarization and filtering to automatically handle route advertisement.
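One way to check prevention item 1 before a summary goes into production, as an added example that is not part of the original page: it parses static routes, applies longest-prefix match, and flags destinations that fall in a part of the summary no known subnet covers. The REACHABLE inventory, the 10.10.40.0/24 subnet and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample input: the branch router's static route from the scenario.
CONFIG = "ip route 10.10.0.0 255.255.0.0 192.168.1.2\n"

# Assumption: an inventory of subnets confirmed to exist behind each next hop.
# 10.10.30.0/24 is named on the page; 10.10.40.0/24 is constructed.
REACHABLE = {"192.168.1.2": ["10.10.30.0/24", "10.10.40.0/24"]}

def parse_static_routes(config):
    """Return [(network, next_hop)] from 'ip route <net> <mask> <next-hop>' lines."""
    routes = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[:2] == ["ip", "route"]:
            routes.append((ipaddress.ip_network(f"{parts[2]}/{parts[3]}"), parts[4]))
    return routes

def longest_match(routes, dest):
    """Longest-prefix match, the rule the router uses to pick a route."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def summary_gaps(summary, known):
    """Parts of `summary` not covered by any subnet in `known`."""
    remaining = [summary]
    for k in known:
        nxt = []
        for r in remaining:
            if r.subnet_of(k):            # fully covered, drop it
                continue
            if k.subnet_of(r):            # carve the known subnet out
                nxt.extend(r.address_exclude(k))
            else:
                nxt.append(r)
        remaining = nxt
    return sorted(remaining)

def black_hole_candidate(routes, reachable, dest):
    """True if dest matches a route whose next hop is not known to serve it."""
    match = longest_match(routes, dest)
    if match is None:
        return False                      # no route at all: dropped locally instead
    net, hop = match
    known = [ipaddress.ip_network(n) for n in reachable.get(hop, [])]
    addr = ipaddress.ip_address(dest)
    return any(addr in gap for gap in summary_gaps(net, known))
```

With the scenario's route, black_hole_candidate(parse_static_routes(CONFIG), REACHABLE, "10.10.20.1") flags the unreachable subnet, while an address in 10.10.30.0/24 passes.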
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario appears in troubleshooting questions where a static route is too broad. The exam may present a multiple-choice question asking why traffic to a specific subnet is failing, or a drag-and-drop to identify the misconfigured route. Candidates must understand that a summary route can black hole traffic if it points to a next-hop that does not have a route for the specific subnet.
Exam Tips
Remember that a static route with a less specific mask (e.g., /16) will match all destinations within that range, even if some subnets do not exist.
When troubleshooting black holes, always check the routing table for both the summary and specific routes; the absence of a specific route is a red flag.
Know the 'show ip route' and 'show ip cef' commands to verify forwarding behavior.
Commands Used in This Scenario
show ip route
Displays the current IP routing table on a Cisco router, used to verify routes, check next-hop addresses, and troubleshoot connectivity issues.
traceroute [ip]
Traces the route packets take from the source device to a destination IP address, showing each hop along the path, used to diagnose network path issues and latency.