Need your help on understanding a basic functionality of a router.
Will a router forward packets on the same interface it received them from, i.e. say
a packet is received on an Ethernet interface, it looks up the routing table and determines that it needs to be sent back on the same interface?
Hope the answer to above question will also explain the working principle of the following network.
Switch--router-->it can reach a few subnets
PCs are configured with router interface as gateway and a static default route on router pointing towards firewall's interface.
Thanks in advance for your time.
To add a little bit to the answer from Paul, IOS routers do not have any restriction about forwarding packets out the interface that they were received on. Note that the default behavior of PIX and of ASA is different and by default they will not forward back out the interface on which the packet was received. In recent versions of code for PIX and ASA it is possible to override this behavior and to enable forwarding back out the same interface.
One example may help understand a situation where a router forwards back out the same interface: assume that some PCs are configured in one subnet (perhaps 172.16.1.0/24) and some other PCs are configured in a different subnet (perhaps 172.16.51.0/24) and the router is configured with a primary interface address of 172.16.1.1 and with a secondary address of 172.16.51.1, then a PC at address 172.16.1.87 attempting to get to address 172.16.51.99 would forward to its default gateway at 172.16.1.1. The router would receive this and would forward back out the same interface to reach 172.16.51.99. So secondary addressing is one of the common situations where a router might forward back out the same interface.
Yes, a router can forward a packet out of the received interface.
I presume the firewall and PCs are all in the same subnet? If so, any traffic that needs to go to the firewall will be forwarded by the router to the firewall. The exact behaviour depends upon how the router is configured, and how the PCs behave.
If the router has HSRP configured, it will just forward the packets to the router. If the router is a single router and no HSRP, then when the router receives a packet that needs to go to the firewall, it will forward the packet and send an ICMP redirect to the PC, effectively saying to the PC to send that traffic direct, as that is a better route. That behaviour can be disabled.
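Added example, not part of any post in this thread: a small Python model of the two cases discussed above, the secondary-address case and the default route to a firewall on the PCs' own subnet. The interface name `Eth0`, the firewall address 172.16.1.254 and the destination 203.0.113.10 are constructed, and the redirect rule (same interface in and out, next hop on the sender's subnet, redirects enabled) is a simplified assumption about router behaviour, not vendor code.

```python
import ipaddress

# Constructed routing table: (prefix, egress interface, next hop or None if connected).
ROUTES = [
    ("172.16.1.0/24", "Eth0", None),         # primary address 172.16.1.1
    ("172.16.51.0/24", "Eth0", None),        # secondary address 172.16.51.1
    ("0.0.0.0/0", "Eth0", "172.16.1.254"),   # static default via firewall (assumed address)
]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match. Returns (interface, next_hop) or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), i, nh) for p, i, nh in routes
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, iface, nh = max(hits, key=lambda h: h[0].prefixlen)
    # A directly connected destination is its own next hop.
    return iface, (ipaddress.ip_address(nh) if nh else dst)

def forward(src, dst, in_iface, redirects_enabled=True, routes=ROUTES):
    """Forwarding decision for one packet, plus whether a redirect goes to the sender."""
    hit = lookup(dst, routes)
    if hit is None:
        return {"action": "drop"}
    out_iface, next_hop = hit
    same_iface = out_iface == in_iface
    # Connected subnet on the ingress interface that contains the sender.
    src_ip = ipaddress.ip_address(src)
    src_net = next((ipaddress.ip_network(p) for p, i, nh in routes
                    if nh is None and i == in_iface
                    and src_ip in ipaddress.ip_network(p)), None)
    # Redirect only if the sender could reach the next hop directly (assumed rule).
    redirect = bool(redirects_enabled and same_iface
                    and src_net is not None and next_hop in src_net)
    return {"action": "forward", "out_iface": out_iface,
            "next_hop": str(next_hop), "same_interface": same_iface,
            "icmp_redirect": redirect}

if __name__ == "__main__":
    # Secondary-address case: hairpins on Eth0, next hop is on a different subnet.
    print(forward("172.16.1.87", "172.16.51.99", "Eth0"))
    # Default-route case: firewall shares the PC's subnet, so a redirect is sent.
    print(forward("172.16.1.87", "203.0.113.10", "Eth0"))
    # Same packet with redirects disabled on the interface.
    print(forward("172.16.1.87", "203.0.113.10", "Eth0", redirects_enabled=False))
```

For detection, the `icmp_redirect` cases are the ones where hosts on the segment would see ICMP type 5 arriving from their gateway; with redirects disabled, any type 5 traffic on that segment is unexpected.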