Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
428
Views
9
Helpful
5
Replies

Static Route in place, but OSPF is being used

Go to solution
nygenxny123
Level 1
Level 1

‎07-02-2009 06:33 AM - edited ‎03-05-2019 06:40 AM

I am trying to get to a network via a particular interface ( a firewall)

But it seems the static route in place is not covering it.

The network/host i want to reach is

172.20.111.100

L3CAT#sh ip route 172.20.111.100

Routing entry for 172.20.111.0/24

Known via "ospf 722", distance 110, metric 1

Tag 65000, type extern 2, forward metric 1

Last update from 192.168.1.3 on Vlan101, 1d07h ago

Routing Descriptor Blocks:

* 192.168.1.3, from 192.168.1.3, 1d07h ago, via Vlan101

Route metric is 1, traffic share count is 1

Route tag 65000

But we also have this static route statement in place..which is pointing to the interface i want to use..(172.20.3.4)

Wouldn't this statement (ip route 172.20.0.0 255.255.0.0) cover the 111.0 network?

ip route 172.20.0.0 255.255.0.0 172.20.3.4

ip route 172.20.230.0 255.255.255.0 172.20.3.12

ip route 172.30.0.0 255.255.0.0 192.168.254.2

ip route 192.168.0.0 255.255.255.240 192.168.254.2

ip route 192.168.0.96 255.255.255.224 192.168.254.2

L3CAT>sh ip route 172.20.0.0

Routing entry for 172.20.0.0/16, 31 known subnets

Attached (3 connections)

Variably subnetted with 5 masks

Redistributing via ospf 722

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎07-02-2009 07:02 AM

I don't have a router to test, but this is probably due to the longest match rule. You should specifically set:

172.20.111.0 255.255.255.0 172.20.3.4 and that should solve your problem.

HTH,

John

HTH, John *** Please rate all useful posts ***

View solution in original post

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to John Blakley

‎07-02-2009 07:18 AM

Richard

I am not clear whether you want a route for the network or for a host. Your original post says:"The network/host i want to reach is 172.20.111.100". Perhaps you can clarify whether you are concerned about reaching only this host via the firewall or whether it is the network?

John is on exactly the right track. Your static route is for a /16. But you have a more specific /24 route from OSPF. And the more specific route is always preferred over a less specific route.

If you are concerned about reaching the entire network via the firewall then John's suggestion is exactly right. If you are concerned about the host then you need a specific host static route (/32).

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful
5 Replies 5

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎07-02-2009 07:02 AM

I don't have a router to test, but this is probably due to the longest match rule. You should specifically set:

172.20.111.0 255.255.255.0 172.20.3.4 and that should solve your problem.

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to John Blakley

‎07-02-2009 07:18 AM

Richard

I am not clear whether you want a route for the network or for a host. Your original post says:"The network/host i want to reach is 172.20.111.100". Perhaps you can clarify whether you are concerned about reaching only this host via the firewall or whether it is the network?

John is on exactly the right track. Your static route is for a /16. But you have a more specific /24 route from OSPF. And the more specific route is always preferred over a less specific route.

If you are concerned about reaching the entire network via the firewall then John's suggestion is exactly right. If you are concerned about the host then you need a specific host static route (/32).

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎07-02-2009 07:12 AM

The ip route in question will cover the 111.0 network but as John pointed out, the longest mask will rule regardless of the Administrative distance.

You need a static route of 172.20.111.0 255.255.255.0

HTH,

__

Edison.

Go to solution
Brent Rockburn
Level 2
Level 2

‎07-02-2009 07:14 AM

if I'm not mistaken the router will always look at the more specific route first. If the ospf route is more specific the router will use that and not the static route.

When setting the static route be as specific as you can be and that should resolve this. Which I think is what John is saying...

Go to solution
nygenxny123
Level 1
Level 1
In response to Brent Rockburn

‎07-02-2009 07:59 AM

great thx..ill add the static route na see how it works

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card