
Multiple Static Routes

Aberdo

New to the forums so hello to everyone. I feel like this is an obvious question but I need to ask it anyway. Can I have two static routes in my Nexus 9K with the current config?

 

I have two "stacked" Nexus 9K switches behind a Fortigate firewall and the same in another data center.  I recently added vlan 9 and have a device with a 0.9.2.20 address that needs to communicate with a device on the other side with a 10.9.1.20 ip address.  Issue is with this current config all traffic goes to the 10.1.1.1 (fortigate port 1) and I need it to go to 10.9.2.1 (fortigate port 2).  Thank you very much and please let me know if you have any questions.

 

version 6.1(2)I3(3a)
switchname SWITCH01
vdc SWITCH01 id 1
allocate interface Ethernet1/1-54
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4096
limit-resource port-channel minimum 0 maximum 512
limit-resource u4route-mem minimum 248 maximum 248
limit-resource u6route-mem minimum 96 maximum 96
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8

feature vrrp
cfs eth distribute
feature interface-vlan
feature lacp
feature vpc
feature lldp

username admin password 5 123465798 role network-admin
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 123465798 priv 0xd6290199b2daeb23becfafb89e0a9 localizedkey
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
snmp-server community DLS22870 group network-operator

ip route 0.0.0.0/0 10.1.1.1
vlan 1,5,9-10,30,50
vlan 5
name iSCSI
vlan 9
name Tele-HB
vlan 10
name LAN_VLAN
vlan 30
name DMZ
vlan 50
name vMotion

vrf context management
vpc domain 1
peer-keepalive destination 172.16.123.2 source 172.16.123.1
auto-recovery
ip arp synchronize

interface Vlan1
no shutdown

interface Vlan5
description iSCSI Interface
no shutdown
mtu 9216
no ip redirects
ip address 10.5.1.62/24
vrrp 2
advertisement-interval 3
authentication text cisco
address 10.5.1.50 
no shutdown

interface Vlan9
description Telehealth Heartbeat
no shutdown
mtu 9216
no ip redirects
ip address 10.9.2.3/24
vrrp 4
advertisement-interval 3
authentication text cisco
address 10.9.2.2 
no shutdown

interface Vlan10
description LAN VLAN Interface
no shutdown
mtu 9216
no ip redirects
ip address 10.1.1.101/23
vrrp 1
advertisement-interval 3
authentication text cisco
address 10.1.1.100 
no shutdown

interface Vlan30
no shutdown

interface Vlan50
description vMotion Interface
no shutdown
mtu 9216
no ip redirects
ip address 10.1.60.11/24
vrrp 3
advertisement-interval 3
authentication text cisco
address 10.1.60.10 
no shutdown

interface port-channel10
switchport mode trunk
spanning-tree port type network
vpc peer-link

interface port-channel20
description NEXUS_TO_BROCADE
switchport access vlan 10
vpc 5

interface port-channel30
description NEXUS_TO_3750
switchport mode trunk
switchport trunk allowed vlan 5,9-10,30,50
mtu 9216
vpc 1

interface port-channel31
description Nexus_To_UCS
switchport mode trunk
switchport trunk allowed vlan 5,9-10,30,50
spanning-tree port type edge trunk
mtu 9216
vpc 2

interface port-channel32
description Nexus_To_UCS
switchport mode trunk
switchport trunk allowed vlan 5,9-10,30,50
spanning-tree port type edge trunk
mtu 9216
vpc 3

interface port-channel123
description NEXUS_TO_BROCADE
switchport mode trunk
switchport trunk allowed vlan 5,10,30,50
mtu 9216
vpc 4

interface Ethernet1/1
description Fabric A
switchport mode trunk
switchport trunk allowed vlan 5,9-10,30,50
spanning-tree port type edge trunk
mtu 9216
channel-group 31 mode active

interface Ethernet1/2
description Fabric A
switchport mode trunk
switchport trunk allowed vlan 5,9-10,30,50
spanning-tree port type edge trunk
mtu 9216
channel-group 31 mode active

interface Ethernet1/3
description Fabric B
switchport mode trunk
switchport trunk allowed vlan 5,9-10,30,50
spanning-tree port type edge trunk
mtu 9216
channel-group 32 mode active

interface Ethernet1/4
description Fabric B
switchport mode trunk
switchport trunk allowed vlan 5,9-10,30,50
spanning-tree port type edge trunk
mtu 9216
channel-group 32 mode active

interface Ethernet1/5
description Nimble iSCSI
switchport access vlan 5
spanning-tree port type edge
mtu 9216

interface Ethernet1/6
description Nimble iSCSI
switchport access vlan 5
spanning-tree port type edge
mtu 9216

interface Ethernet1/7
description Fabric A MGMT
switchport access vlan 10

interface Ethernet1/8
description Nimble MGMT
switchport access vlan 10

interface Ethernet1/9

interface Ethernet1/10
description Barracuda Load Balancer #1 MGMT
switchport access vlan 10

interface Ethernet1/11
description Barracuda Load Balancer#1 Network Port
switchport access vlan 10

interface Ethernet1/12

interface Ethernet1/13
switchport access vlan 9

interface Ethernet1/14

interface Ethernet1/15

interface Ethernet1/16

interface Ethernet1/17

interface Ethernet1/18

interface Ethernet1/19

interface Ethernet1/20

interface Ethernet1/21

interface Ethernet1/22

interface Ethernet1/23

interface Ethernet1/24

interface Ethernet1/25

interface Ethernet1/26

interface Ethernet1/27

interface Ethernet1/28

interface Ethernet1/29

interface Ethernet1/30

interface Ethernet1/31

interface Ethernet1/32

interface Ethernet1/33

interface Ethernet1/34

interface Ethernet1/35

interface Ethernet1/36

interface Ethernet1/37

interface Ethernet1/38

interface Ethernet1/39

interface Ethernet1/40
description Connection to DMZ
switchport access vlan 30

interface Ethernet1/41

interface Ethernet1/42

interface Ethernet1/43

interface Ethernet1/44
description NEXUS_TO_BROCADE
switchport access vlan 10
channel-group 20 mode active

interface Ethernet1/45
description MHMNEX01_TO_MHMNEX02
switchport mode trunk
channel-group 10 mode active

interface Ethernet1/46
description MHMNEX01_TO_MHMNEX02
switchport mode trunk
channel-group 10 mode active

interface Ethernet1/47
description NEXUS_TO_BROCAD
switchport mode trunk
switchport trunk allowed vlan 5,9-10,30,50
mtu 9216
channel-group 30

interface Ethernet1/48
description NEXUS_TO_BROCAD
switchport access vlan 10
channel-group 20 mode active

interface Ethernet1/49

interface Ethernet1/50

interface Ethernet1/51

interface Ethernet1/52

interface Ethernet1/53

interface Ethernet1/54

interface mgmt0
vrf member management
ip address 172.16.123.1/30
line console
line vty
boot nxos bootflash:/n9000-dk9.6.1.2.I3.3a.bin


6 Replies

Hi Aberdo,

Please correct me if I am understanding this wrong, but you want to know the destination through the Fortinet Port 2 instead of Port 1, is that correct?

You could create a more specific static route with next hop Fortinet port 2.

Imagine you have this configuration:

ip route 0.0.0.0 0.0.0.0 10.1.1.1

ip route 10.9.2.20 255.255.255.255  10.9.2.1

 

The router will prefer the second static route to redirect the traffic through that port because it is more specific than the default route. Now, if it fixes the issue, remember to allow the access on the Fortinet firewall using an ACL on this port 2, and to have symmetric traffic you need to specify the source through port 2, probably with a static route as well.

 

Hope it is useful

:-)




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<

Hey Julio,

Thank you, I will make the change and follow up later today. Thanks,

Pat

Hi

You are welcome, please keep me posted. 

:-)




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<

The original poster asked a simple question

Can I have two static routes in my Nexus 9K with the current config?

Julio has provided an excellent suggestion explaining one option, which is a static default route and a more specific static route for some address(es). There are other options for ways to have two static routes which we should acknowledge:

- it is possible to have two static default routes which might look something like this

ip route 0.0.0.0 0.0.0.0 1.2.3.4

ip route 0.0.0.0 0.0.0.0 5.6.7.8

This would result in two default routes appearing in the routing table and the switch would load balance, sending some traffic to 1.2.3.4 and sending other traffic to 5.6.7.8.

- it is possible to have two static default routes where one is primary and the second is a backup if the primary is withdrawn from the routing table. It might look something like this

ip route 0.0.0.0 0.0.0.0 1.2.3.4

ip route 0.0.0.0 0.0.0.0 5.6.7.8 220

This uses an administrative distance of 220 to make the second entry into a floating static route which provides redundancy and would be used only if the primary default route were withdrawn from the routing table.

 

HTH

 


Rick
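The three options discussed in this thread (a more specific static route, two equal default routes, and a floating static route) all come down to the same selection rules, modelled here as an added example that is not part of any post or of NX-OS itself. Assumptions: the /32 is written for the destination address given in the question (10.9.1.20), static routes default to administrative distance 1, and the `down` set is a hypothetical stand-in for a next hop the switch can no longer reach.

```python
import ipaddress
from collections import defaultdict

STATIC_AD = 1  # assumed default administrative distance of a static route

def build_rib(routes, down=()):
    """routes: (prefix, next_hop[, distance]). Returns {network: [next hops]}.

    Per prefix, only the entries with the lowest distance are installed;
    equal-distance entries are installed together (load balancing).
    """
    candidates = defaultdict(list)
    for prefix, next_hop, *rest in routes:
        if next_hop in down:  # route withdrawn: next hop unreachable
            continue
        distance = rest[0] if rest else STATIC_AD
        candidates[ipaddress.ip_network(prefix)].append((distance, next_hop))
    rib = {}
    for net, entries in candidates.items():
        best = min(d for d, _ in entries)
        rib[net] = sorted(nh for d, nh in entries if d == best)
    return rib

def lookup(rib, destination):
    """Longest-prefix match: the most specific installed route wins."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in rib if addr in net]
    if not matches:
        return []
    return rib[max(matches, key=lambda n: n.prefixlen)]

# Default route plus a host route toward Fortigate port 2 (constructed).
SPECIFIC = [("0.0.0.0/0", "10.1.1.1"), ("10.9.1.20/32", "10.9.2.1")]
# Two equal default routes: both installed, traffic is shared.
ECMP = [("0.0.0.0/0", "1.2.3.4"), ("0.0.0.0/0", "5.6.7.8")]
# Floating static: distance 220 keeps the second route out until needed.
FLOATING = [("0.0.0.0/0", "1.2.3.4"), ("0.0.0.0/0", "5.6.7.8", 220)]

if __name__ == "__main__":
    print(lookup(build_rib(SPECIFIC), "10.9.1.20"))   # host route
    print(lookup(build_rib(SPECIFIC), "192.0.2.10"))  # default route
    print(lookup(build_rib(ECMP), "192.0.2.10"))
    print(lookup(build_rib(FLOATING), "192.0.2.10"))
    print(lookup(build_rib(FLOATING, down={"1.2.3.4"}), "192.0.2.10"))
```

Only the host address leaves through 10.9.2.1, so only that flow is evaluated by the firewall policy on port 2; everything else still follows the default route to port 1.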

Thanks again, that did the trick!

 

Hi

It was a pleasure, have a great day!

:-)




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<