
Router Configuration for CompTIA Network+ N10-009

Router configuration implements the Layer 3 routing decisions that move traffic between networks. CompTIA Network+ N10-009 tests router configuration in the Network Implementation domain — static routes, dynamic routing protocol configuration, inter-VLAN routing, and router security hardening. A misconfigured router creates black holes, routing loops, or security vulnerabilities that affect the entire network.


Static and Dynamic Routing Configuration

Static routes: manually configured routes — 'ip route 192.168.2.0 255.255.255.0 10.0.0.2' on a Cisco router (destination network, mask, next-hop IP). Advantages: predictable, no overhead, no convergence time. Disadvantages: no failover (if the next-hop is down, traffic is dropped), manual updates required when topology changes. Default static route: 'ip route 0.0.0.0 0.0.0.0 [next-hop]' — matches any destination not in the routing table, used for internet access.

Dynamic routing protocols: OSPF, EIGRP, RIP, BGP. Configuration involves enabling the protocol, defining which networks to advertise, and setting parameters. OSPF: 'router ospf 1' → 'network 10.0.0.0 0.0.0.255 area 0' — advertises all interfaces in the 10.0.0.0/24 range into OSPF area 0. Administrative distance (AD): router's trust level for routes from different sources — directly connected = 0, static = 1, OSPF = 110, RIP = 120, external BGP = 20.

Routing table: the router selects the best route using: longest prefix match first (most specific route wins — /28 beats /24 beats default route), then lowest AD, then lowest metric. Always verify routes with 'show ip route' — understand each entry: C (connected), S (static), O (OSPF), R (RIP), B (BGP).

Route redistribution: importing routes from one routing protocol into another. Requires careful configuration to avoid routing loops and metric translation issues. Redistribution points are where different routing domains meet.

Inter-VLAN Routing

Router-on-a-stick: one physical router interface, multiple sub-interfaces — each sub-interface carries a VLAN using 802.1Q encapsulation. 'interface GigabitEthernet0/0.10' → 'encapsulation dot1q 10' → 'ip address 192.168.10.1 255.255.255.0'. The connected switch port must be configured as a trunk. One physical connection between router and switch handles all VLANs. Bandwidth bottleneck for inter-VLAN traffic at high volume.

Layer 3 switch (SVI — Switched Virtual Interface): the modern, high-performance approach to inter-VLAN routing. Create an SVI for each VLAN: 'interface Vlan10' → 'ip address 192.168.10.1 255.255.255.0' → 'no shutdown'. Enable IP routing: 'ip routing'. Layer 3 switches route in hardware (ASIC) — much faster than router-on-a-stick. Best practice for data center and campus inter-VLAN routing.

DHCP helper address: when a router provides inter-VLAN routing and subnets have remote DHCP servers, configure IP helper to forward DHCP broadcasts as unicast: 'ip helper-address [DHCP server IP]' on each Layer 3 interface/SVI that serves a subnet with DHCP clients.

Router Security and Access

Console and VTY access: routers have a console port (direct serial connection), AUX port (modem access), and VTY lines (virtual terminals — SSH/Telnet). Always configure SSH instead of Telnet: 'transport input ssh' on VTY lines. Set enable secret (MD5 hashed) not enable password (cleartext). Configure a login banner: 'banner motd' — legal requirement in many organizations.

AAA (Authentication, Authorization, Accounting): centralizes access control. Configure routers to authenticate admin access via RADIUS or TACACS+ server: RADIUS encrypts only the password; TACACS+ encrypts the entire packet and separates authentication, authorization, and accounting. TACACS+ is preferred for device administration; RADIUS for network access (VPN, 802.1X).

Control Plane Policing (CoPP): limits traffic destined for the router's CPU. Without CoPP, a flood of routing protocol packets or management traffic can overwhelm the CPU. CoPP uses QoS policy maps to rate-limit different traffic types to the control plane.

ACLs on router interfaces: standard ACLs (match source IP only) — place as close to destination as possible. Extended ACLs (match source, destination, port, protocol) — place as close to source as possible. 'ip access-group ACL-NAME in|out' applies ACL to an interface. Implicit deny at end of every ACL — always verify what is permitted before applying.
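An added example, not part of the original study guide: a small Python check that reads a router configuration and flags the access settings this section warns about (enable password, missing enable secret, missing banner motd, VTY lines that accept anything other than SSH). The sample configuration is constructed, and treating an unset 'transport input' as a finding is an assumption of this example.

```python
# Constructed sample running-config for illustration; not from a real device.
SAMPLE_CONFIG = """\
hostname R1
enable password ExamplePass
!
line con 0
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 transport input ssh
 login local
end
"""


def audit_access(config):
    """Return a list of findings for the access settings named in this section."""
    lines = config.splitlines()
    findings = []
    if any(l.startswith("enable password") for l in lines):
        findings.append("enable password present (cleartext): use enable secret")
    if not any(l.startswith("enable secret") for l in lines):
        findings.append("enable secret not configured")
    if not any(l.startswith("banner motd") for l in lines):
        findings.append("banner motd not configured")
    # Indented lines belong to the most recent top-level command (here: a VTY block).
    vty_transport, current = {}, None
    for l in lines:
        if not l.startswith(" "):
            current = l if l.startswith("line vty") else None
            if current:
                vty_transport[current] = None
        elif current and l.split()[:2] == ["transport", "input"]:
            vty_transport[current] = l.split()[2:]
    for name, protos in vty_transport.items():
        if protos != ["ssh"]:
            shown = " ".join(protos) if protos else "not set"
            findings.append(f"{name}: transport input {shown}; expected ssh only")
    return findings


if __name__ == "__main__":
    for finding in audit_access(SAMPLE_CONFIG):
        print("FINDING:", finding)
```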

Key exam facts — Network+

  • Static default route: ip route 0.0.0.0 0.0.0.0 [next-hop] — catch-all for unknown destinations
  • Administrative distance: connected=0, static=1, OSPF=110, RIP=120 — lower = more trusted
  • Router-on-a-stick: sub-interfaces + 802.1Q tags on one trunk link to switch
  • Layer 3 switch SVI: hardware-based inter-VLAN routing — faster than router-on-a-stick
  • ip helper-address: forwards DHCP broadcasts across routed segments as unicast
  • SSH not Telnet on VTY lines; enable secret not enable password
  • ACL placement: standard ACL close to destination; extended ACL close to source

Common exam traps

The router always chooses the route with the lowest metric

Route selection has three steps in order: 1) longest prefix match (most specific wins), 2) lowest administrative distance (most trusted source), 3) lowest metric (within same protocol). A /28 static route will ALWAYS beat a /24 OSPF route to the same destination regardless of metric, because the /28 is more specific. Metric is only compared between routes from the same routing protocol.

Practice questions — Router Configuration

These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.

Q1. A router's routing table contains: OSPF route to 10.0.0.0/8 (metric 20), static route to 10.1.1.0/24 (AD=1), and EIGRP route to 10.1.0.0/16 (metric 100). A packet arrives destined for 10.1.1.50. Which route is used?

A. OSPF route to 10.0.0.0/8 — lowest metric
B. Static route to 10.1.1.0/24 — longest prefix match
C. EIGRP route to 10.1.0.0/16 — EIGRP is more accurate
D. OSPF route — OSPF has lower AD than EIGRP

Explanation: Longest prefix match wins first: 10.1.1.0/24 (/24) is more specific than 10.1.0.0/16 (/16) which is more specific than 10.0.0.0/8 (/8). The /24 static route matches 10.1.1.50 more specifically than either the /16 or /8 routes. After longest prefix match, AD and metric are only tiebreakers when multiple routes exist with the same prefix length. The /24 static route is used.
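The selection order from the routing-table section and the exam trap above, applied to the Q1 table as an added Python example (not part of the original guide). The EIGRP administrative distance of 90 is the Cisco default for internal EIGRP routes and is not stated on this page; the static route's metric of 0 and the second table are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str   # destination network, CIDR notation
    source: str   # how the route was learned
    ad: int       # administrative distance (lower = more trusted)
    metric: int   # only comparable within one protocol


# Routing table from Q1. OSPF=110 and static=1 are from the page;
# EIGRP=90 (Cisco default) and the static metric 0 are assumptions.
Q1_TABLE = [
    Route("10.0.0.0/8", "OSPF", 110, 20),
    Route("10.1.1.0/24", "static", 1, 0),
    Route("10.1.0.0/16", "EIGRP", 90, 100),
]

# Constructed table for the exam trap: the /28 has the worst AD and metric,
# two routes tie on prefix length, and a default route catches the rest.
TRAP_TABLE = [
    Route("192.168.2.0/24", "OSPF", 110, 1),
    Route("192.168.2.0/28", "RIP", 120, 15),
    Route("192.168.2.0/24", "RIP", 120, 2),
    Route("0.0.0.0/0", "static", 1, 0),
]


def select_route(table, dst):
    """Return the route used for dst, or None if nothing matches (packet dropped)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    # Longest prefix first, then lowest AD, then lowest metric.
    return min(matches, key=lambda r: (
        -ipaddress.ip_network(r.prefix).prefixlen, r.ad, r.metric))


if __name__ == "__main__":
    cases = [(Q1_TABLE, "10.1.1.50"), (Q1_TABLE, "10.1.9.9"),
             (TRAP_TABLE, "192.168.2.5"), (TRAP_TABLE, "192.168.2.200")]
    for table, dst in cases:
        print(dst, "->", select_route(table, dst))
```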

Frequently asked questions — Router Configuration

What is the difference between RADIUS and TACACS+ for router authentication?

Both are AAA protocols, but they differ in design: RADIUS encrypts only the password in authentication packets; TACACS+ encrypts the entire packet body — more secure. RADIUS combines authentication and authorization; TACACS+ separates them into three distinct functions (Authentication, Authorization, Accounting) — more flexible for granular command authorization. RADIUS is better for network access (VPN clients, 802.1X); TACACS+ is better for device administration (controlling which CLI commands each admin can run). Cisco devices support both; many organizations use TACACS+ for routers/switches and RADIUS for VPN/wireless.
