
ip route statement

mguzman4158
Level 1

Hello everyone, I have a question and maybe someone can shed some light on it. Why would you want to have an ip route statement from your DMZ switch like the following:

ip route ISP_internetrouter_loopbackinterface 255.255.255.255 ISP_fastethernet0/1

I don't understand the purpose of it. The way I see it is, if you want to go to the loopback interface, go through the fa of the same router. Why?

Thank you for any input on this!!!

Cheers!

Accepted Solutions

Agree it's not obvious and bear in mind it could have been added to try and get something working, the route made no difference and then the person forgot to remove it.

It's not clear what the topology is, i.e. your DMZ switch should only be able to get to the firewall interface, not the ISP router, or you run the risk of bypassing the firewall, unless of course you are using DMZ in its technically correct terminology, which is the subnet between the outside of your firewall and the inside of the ISP router?

Perhaps the ISP manages this switch from the loopback and they didn't want to advertise the loopback into OSPF so they used a static route.

Perhaps if you could clarify your topology. Is the DMZ connected directly to the ISP router and are they OSPF neighbors?

Jon

3 Replies

JamesLuther
Level 3

Hi,

Is the DMZ switch running BGP? It's normal to have a static route pointing to a BGP peer's loopback in order to bring up a BGP session (if update source has been set to loopback).

Regards
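An added illustration, not part of any post in this thread: a small Python audit that lists the /32 static routes in an IOS-style configuration and marks which ones point at a BGP neighbor that has update-source set (the case described in the reply above), leaving the rest for manual review. The sample configuration, its addresses, and the name `audit_host_routes` are constructed for this example.

```python
import re

# Constructed IOS-style sample (documentation address ranges), not from the thread.
SAMPLE_CONFIG = """\
router ospf 1
 network 10.10.0.0 0.0.0.255 area 0
router bgp 64512
 neighbor 198.51.100.1 remote-as 64513
 neighbor 198.51.100.1 update-source Loopback0
ip route 198.51.100.1 255.255.255.255 FastEthernet0/1
ip route 203.0.113.9 255.255.255.255 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 10.10.0.254
"""

# "ip route <destination> <mask> <next hop or exit interface>"
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)", re.MULTILINE)
# Neighbors whose session is sourced from a specific interface (e.g. a loopback)
PEER_RE = re.compile(r"^\s*neighbor (\S+) update-source \S+", re.MULTILINE)


def audit_host_routes(config):
    """Return (destination, next_hop, verdict) for every /32 static route."""
    loopback_peers = set(PEER_RE.findall(config))
    findings = []
    for dest, mask, via in ROUTE_RE.findall(config):
        if mask != "255.255.255.255":
            continue  # only host routes are of interest here
        # A host route to a configured BGP peer has an obvious purpose;
        # anything else needs someone to confirm why it exists.
        verdict = "bgp-peer" if dest in loopback_peers else "review"
        findings.append((dest, via, verdict))
    return findings


if __name__ == "__main__":
    for dest, via, verdict in audit_host_routes(SAMPLE_CONFIG):
        print(f"{dest:15} via {via:18} {verdict}")
```

A "review" verdict only means no BGP peering explains the route; on an OSPF-only device every host route lands in that bucket and should be checked against the intended path through the firewall.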

no, the DMZ switch is running OSPF 1 -
