I understand your solution but I have a more complex problem.
The firewall is managed by another provider. I have asked if it will supply CDP or respond to ICMP, I have not heard but I will assume it will for now.
There are two locations, a hot and a cold site. Each site has a firewall attached to my switch (MSFC). There are approx 10,000 people behind the switches who want to talk through the hot switch/firewall if it is alive, or through the cold switch/firewall if the hot one is dead.
Hence I want to inject the hot firewall into OSPF as a next hop only if it is alive.
I tried creating a static
ip route 10.10.0.1
Creating an ACL
access-list 10 per
Building the route map
route-map FIREWALL permit 10
 match ip address 10
 set ip next-hop 10.10.0.1
 set ip next-hop verify-availability
But this seems to be mixing features, PBR on the VLAN interface, and injecting into OSPF based on the same route-map.
I am starting to think that the best way to do it is make the interface between my switch and the firewall a L3 interface, then I can use a static route pointing to the local switch L3 interface. That way if the switch Ethernet is down, the static won't inject into OSPF.
Jorge's recommendation with an additional feature, Reliable static route using object tracking, should help you achieve what you are trying to do.
With this feature you can track the firewall IP address and when it becomes unreachable the router would remove the primary default route and start using the backup default route (floating static) to route the traffic.
Have a look at this link to configure this feature.
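The reliable static route with object tracking described in this reply, written out as an added IOS configuration example (not from the thread or from Cisco's documentation). It assumes 10.10.0.1 is the hot firewall's inside address as in the original poster's route-map, and uses 10.10.1.1 as a placeholder for the cold firewall and Vlan10 as a placeholder for the switch-to-firewall interface; the firewall must answer ICMP for the probe to work, which is the question the poster raised with the provider.

```cisco
! Added example, not from the thread. Assumed addresses:
!   10.10.0.1 = hot firewall inside address (from the poster's route-map)
!   10.10.1.1 = cold firewall inside address (placeholder)
!   Vlan10    = L3 interface facing the firewall (placeholder)
!
! 1. ICMP probe of the hot firewall every 5 seconds
ip sla 1
 icmp-echo 10.10.0.1 source-interface Vlan10
 frequency 5
ip sla schedule 1 life forever start-time now
!
! 2. Track object follows the probe; delays dampen a flapping link so the
!    default route is not withdrawn and re-installed on every lost echo
track 1 ip sla 1 reachability
 delay down 15 up 30
!
! 3. Primary default route through the hot firewall, present in the RIB
!    only while track 1 is up
ip route 0.0.0.0 0.0.0.0 10.10.0.1 track 1
!
! 4. Floating static through the cold firewall with AD 250; it is installed
!    only when the tracked primary route is withdrawn
ip route 0.0.0.0 0.0.0.0 10.10.1.1 250
!
! 5. Originate the default into OSPF for the hosts behind the switches.
!    default-information originate (without "always") advertises the default
!    only while one exists in the RIB, so the advertisement follows the
!    tracked route and the floating static automatically
router ospf 1
 default-information originate
```

To confirm the behaviour, `show track 1` reports the object state and the time of the last change, `show ip sla statistics 1` shows whether the echoes are succeeding, and `show ip route 0.0.0.0` shows which next hop is currently installed; pulling the firewall link should flip the track to Down after the 15-second delay and swap the default route to 10.10.1.1. On older Catalyst 6500 IOS releases the probe is configured with the `ip sla monitor` (or earlier `rtr`) keywords instead of `ip sla`, so check the syntax for the MSFC's release.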
I think I have to use the MSFC interface as the next hop, with the caveats that it must be a L3, and I wear the ARP problem as specified. I can point to multiple /26's behind the firewall, which will limit the ARP issue.
I can redistribute static with different costs etc...no brainer.