07-02-2009 06:33 AM - edited 03-05-2019 06:40 AM
I am trying to get to a network via a particular interface (a firewall).
But it seems the static route in place is not covering it.
The network/host I want to reach is
172.20.111.100
L3CAT#sh ip route 172.20.111.100
Routing entry for 172.20.111.0/24
Known via "ospf 722", distance 110, metric 1
Tag 65000, type extern 2, forward metric 1
Last update from 192.168.1.3 on Vlan101, 1d07h ago
Routing Descriptor Blocks:
* 192.168.1.3, from 192.168.1.3, 1d07h ago, via Vlan101
Route metric is 1, traffic share count is 1
Route tag 65000
But we also have this static route statement in place, which is pointing to the interface I want to use (172.20.3.4).
Wouldn't this statement (ip route 172.20.0.0 255.255.0.0) cover the 111.0 network?
ip route 172.20.0.0 255.255.0.0 172.20.3.4
ip route 172.20.230.0 255.255.255.0 172.20.3.12
ip route 172.30.0.0 255.255.0.0 192.168.254.2
ip route 192.168.0.0 255.255.255.240 192.168.254.2
ip route 192.168.0.96 255.255.255.224 192.168.254.2
L3CAT>sh ip route 172.20.0.0
Routing entry for 172.20.0.0/16, 31 known subnets
Attached (3 connections)
Variably subnetted with 5 masks
Redistributing via ospf 722
07-02-2009 07:02 AM
I don't have a router to test, but this is probably due to the longest match rule. You should specifically set:
172.20.111.0 255.255.255.0 172.20.3.4 and that should solve your problem.
HTH,
John
07-02-2009 07:18 AM
Richard
I am not clear whether you want a route for the network or for a host. Your original post says: "The network/host i want to reach is 172.20.111.100". Perhaps you can clarify whether you are concerned about reaching only this host via the firewall or whether it is the network?
John is on exactly the right track. Your static route is for a /16. But you have a more specific /24 route from OSPF. And the more specific route is always preferred over a less specific route.
If you are concerned about reaching the entire network via the firewall then John's suggestion is exactly right. If you are concerned about the host then you need a specific host static route (/32).
HTH
Rick
07-02-2009 07:12 AM
The ip route in question will cover the 111.0 network but as John pointed out, the longest mask will rule regardless of the Administrative distance.
You need a static route of 172.20.111.0 255.255.255.0
HTH,
__
Edison.
07-02-2009 07:14 AM
If I'm not mistaken the router will always look at the more specific route first. If the OSPF route is more specific the router will use that and not the static route.
When setting the static route be as specific as you can be and that should resolve this. Which I think is what John is saying...
07-02-2009 07:59 AM
Great, thanks. I'll add the static route and see how it works.
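The lookup order the replies describe (longest prefix first, administrative distance only between routes for the same prefix), as an added example that is not part of the original thread. The prefixes and next hops come from the output posted above; the static distance of 1 is the IOS default and is assumed here, and `install` and `lookup` are hypothetical helper names.

```python
import ipaddress

# Routes from the thread. AD 110 is shown in the posted OSPF entry;
# AD 1 for static routes is the IOS default (assumed, not shown above).
RIB = [
    ("172.20.0.0/16", "static", 1, "172.20.3.4"),
    ("172.20.111.0/24", "ospf", 110, "192.168.1.3"),
]


def install(rib):
    """Per prefix, keep only the route with the lowest administrative distance."""
    best = {}
    for prefix, proto, ad, next_hop in rib:
        net = ipaddress.ip_network(prefix)
        if net not in best or ad < best[net][1]:
            best[net] = (proto, ad, next_hop)
    return best


def lookup(rib, dst):
    """Forwarding decision: the longest matching installed prefix wins."""
    addr = ipaddress.ip_address(dst)
    table = install(rib)
    matches = [net for net in table if addr in net]
    if not matches:
        return None  # no route and no default: traffic is dropped
    net = max(matches, key=lambda n: n.prefixlen)
    proto, _ad, next_hop = table[net]
    return str(net), proto, next_hop


if __name__ == "__main__":
    host = "172.20.111.100"
    # As posted: the /24 learned from OSPF beats the /16 static despite AD 110.
    print("current     :", lookup(RIB, host))
    # Fix for the whole network: same /24 prefix, static AD 1 beats OSPF AD 110.
    net_fix = RIB + [("172.20.111.0/24", "static", 1, "172.20.3.4")]
    print("/24 static  :", lookup(net_fix, host))
    # Fix for the host only: a /32 is longer than the OSPF /24.
    host_fix = RIB + [("172.20.111.100/32", "static", 1, "172.20.3.4")]
    print("/32 static  :", lookup(host_fix, host))
    print("other host  :", lookup(host_fix, "172.20.111.50"))
```

With the /32 variant only the one host is steered to the firewall at 172.20.3.4; the rest of 172.20.111.0/24 keeps following the OSPF route via 192.168.1.3.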