cancel
Showing results for 
Search instead for 
Did you mean: 

how do i redistribute static route into ospf?

how do i redistribute static route into ospf?

Keith9
Contributor III

On our two   690 cores, I have a static route for 192.168.56.0/24 pointed to a vpn firewall that has a connection to the internet.  Vpn users connect to the device and the device has a static route back to our core.  Our core has OSPF and can get to other networks and offices in different locations.  
 

We have a vendor who also installed an MPLS router and they OSPF peer to our core.  This takes us down to a rack we have with them in another state for DR.  The issue is we need to advertise our vpn subnet to them (192.168.56.0/24) so on VPN we can access that DR network.  Right now the core would know to send the traffic to them, but that provider has no return routes.  Their support said if we advertise in ospf they will get the routes and it should work.  
 

In Cisco routers I would create an ip prefix acl, but how would I do it on EXOS?  It’s important I don’t disturb the already working connection (at least within our network).

1 ACCEPTED SOLUTION

Keith9
Contributor III

Nevermind, i see its a match any.  So i edited this on our two cores to look like this

entry rule1{
        if match any {
        nlri 192.168.56.0/24 ;
        nlri 192.168.55.0/24 ;
        }
        then {
        permit ;
        }
        }

 

Then ran refresh policy static-to-ospf

 

It works perfectly.  Tested with our two VPN clients one off of each network.  Forcefully disabled a port to the DR providers router in our HQ and the VPN clients were still able to access the DR provider via our core, out or wan to another office where our DR provider has a secondary.

All is working well.

View solution in original post

7 REPLIES 7

StephanH
Valued Contributor III

Hello Keith,

“nlri 192.168.56.0/24” should be fine.

Do set the next hob you can use the following:

entry rule 1{

if match any {

nlri 192.168.56.0/24;

}

then {

next-hop 10.1.0.120;
permit;
}
}

But not tested!

Regards Stephan

Keith9
Contributor III

Great,.so when they say <route> am i putting the full route like an ip route statement or just the network that already has a static route on the firewall?

 

Example on the cores now:
configure iproute add 192.168.56.0 255.255.255.0 10.1.0.120

 

So would I do this?

 entry rule1 {     if match any {     nlri 192.168.56.0 255.255.255 10.1.0.120 ;          }     then {     permit  ;     }     } 

 

Or just nlri 192.168.56.0/24

I need to know the syntax of the <route> shown in that article.

StephanH
Valued Contributor III

Hello Keith,

the procedure for EXOS is described here:

https://extremeportal.force.com/ExtrArticleDetail?an=000092574

Regards Stephan
GTM-P2G8KFN