This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

how do i redistribute static route into ospf?

how do i redistribute static route into ospf?

Go to solution
Keith9
Contributor III

‎09-15-2021 01:11 AM

On our two   690 cores, I have a static route for 192.168.56.0/24 pointed to a vpn firewall that has a connection to the internet.  Vpn users connect to the device and the device has a static route back to our core.  Our core has OSPF and can get to other networks and offices in different locations.  
 

We have a vendor who also installed an MPLS router and they OSPF peer to our core.  This takes us down to a rack we have with them in another state for DR.  The issue is we need to advertise our vpn subnet to them (192.168.56.0/24) so on VPN we can access that DR network.  Right now the core would know to send the traffic to them, but that provider has no return routes.  Their support said if we advertise in ospf they will get the routes and it should work.  
 

In Cisco routers I would create an ip prefix acl, but how would I do it on EXOS?  It’s important I don’t disturb the already working connection (at least within our network).

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Keith9
Contributor III

‎09-16-2021 01:13 PM

Nevermind, i see its a match any.  So i edited this on our two cores to look like this

entry rule1{
        if match any {
        nlri 192.168.56.0/24 ;
        nlri 192.168.55.0/24 ;
        }
        then {
        permit ;
        }
        }

 

Then ran refresh policy static-to-ospf

 

It works perfectly.  Tested with our two VPN clients one off of each network.  Forcefully disabled a port to the DR providers router in our HQ and the VPN clients were still able to access the DR provider via our core, out or wan to another office where our DR provider has a secondary.

All is working well.

View solution in original post

0 Kudos
7 REPLIES 7

Go to solution
StephanH
Valued Contributor III

‎09-15-2021 02:12 PM

Hello Keith,

“nlri 192.168.56.0/24” should be fine.

Do set the next hob you can use the following:

entry rule 1{

if match any {

nlri 192.168.56.0/24;

}

then {

next-hop 10.1.0.120;
permit;
}
}

But not tested!

Regards Stephan
0 Kudos

Go to solution
Keith9
Contributor III

‎09-15-2021 01:54 PM

Great,.so when they say <route> am i putting the full route like an ip route statement or just the network that already has a static route on the firewall?

 

Example on the cores now:
configure iproute add 192.168.56.0 255.255.255.0 10.1.0.120

 

So would I do this?

 entry rule1 {     if match any {     nlri 192.168.56.0 255.255.255 10.1.0.120 ;          }     then {     permit  ;     }     } 

 

Or just nlri 192.168.56.0/24

I need to know the syntax of the <route> shown in that article.

0 Kudos

Go to solution
StephanH
Valued Contributor III

‎09-15-2021 05:21 AM

Hello Keith,

the procedure for EXOS is described here:

https://extremeportal.force.com/ExtrArticleDetail?an=000092574

Regards Stephan
0 Kudos
GTM-P2G8KFN