OSPF Redistribution problem

jburk
Level 1

I am having a problem redistributing static routes into OSPF from a Cisco 3825 to an Enterasys switch.

Site A:

Cisco Router

Enterasys L3 Switch

ASA 5505

Site B:

Cisco Router

ASA 5505

Both sites are OSPF A0

I have a T1 between Site A and B and an ASA for internet and VPN redundancy. I am using IP SLA on the Site B end to switch to VPN if there is a T1 failure.

On the Site A end I am receiving the route to Site B via OSPF and the routing table is populating on the Enterasys switch. I also have an 'ip route <siteb> <mask> <ip of site A asa> 150' on the Site A T1 router to add a static route via the ASA with a higher metric.

I added 'redistribute static subnets' to the OSPF process.

When the T1 is up, the route to Site B shows up as an OSPF route in the Site A router and L3 Enterasys switch. When I force the T1 down, the Site B end switches to route over the tunnel. The static route via the VPN on Site A becomes active in the routing table, but it never shows up on the Enterasys switch; it's like the Site A router never sends the update... Can someone give me some advice on how to troubleshoot this?


Giuseppe Larosa
Hall of Fame

Hello Jburk,

You need to understand if an external LSA type 5 is generated when the primary T1 link is down on router SiteA.

You can use

show ip ospf database external

to check this.

When redistributing static routes into OSPF it is very important to check how the IP next-hop of the static route is advertised in OSPF:

The IP next hop, Forwarding address in OSPF terms, has to be known as an internal route; it cannot be known by another external route.

So in your case you need to advertise as an internal route the IP subnet between the router and the ASA. If the ASA doesn't run OSPF you can use

network + passive-interface

to achieve this.

The other OSPF router, if it sees a forwarding address that is not known via an internal route, will not use the external LSA.

The forwarding address is a field in the LSA external data structure, so the show command above can give this information.

If you are using redistribute connected to advertise the router-ASA IP subnet, it doesn't work.

Hope to help

Giuseppe
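
Added example, not part of Giuseppe's reply or of the thread: a Python check of the forwarding-address rule he describes, run over constructed text shaped like `show ip ospf database external` output. The Site B prefix 10.20.0.0/16, router ID 10.99.1.1, forwarding address 10.99.100.2 and both routing tables are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample shaped like `show ip ospf database external` output.
# Prefixes, router ID and forwarding address are placeholders, not from the thread.
SAMPLE_LSDB = """\
  Link State ID: 10.20.0.0 (External Network Number )
  Advertising Router: 10.99.1.1
  Network Mask: /16
        Metric Type: 2 (Larger than any link state path)
        Forward Address: 10.99.100.2

  Link State ID: 192.0.2.0 (External Network Number )
  Advertising Router: 10.99.1.1
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        Forward Address: 0.0.0.0
"""

# Constructed routing tables of the receiving router: (prefix, OSPF path type).
ROUTES_REDIST_CONNECTED = [("10.99.1.0/24", "intra"), ("10.99.100.0/24", "external")]
ROUTES_NETWORK_PASSIVE = [("10.99.1.0/24", "intra"), ("10.99.100.0/24", "intra")]

def parse_external_lsas(text):
    """Return (prefix, forwarding_address) for each LSA block in the output."""
    lsas = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lsid = re.search(r"Link State ID:\s*(\S+)", block)
        mask = re.search(r"Network Mask:\s*/(\d+)", block)
        fwd = re.search(r"Forward Address:\s*(\S+)", block)
        if lsid and mask and fwd:
            prefix = ipaddress.ip_network(f"{lsid.group(1)}/{mask.group(1)}")
            lsas.append((prefix, ipaddress.ip_address(fwd.group(1))))
    return lsas

def lsa_usable(fwd, routes):
    """True if the receiving router may install the external route."""
    if int(fwd) == 0:  # 0.0.0.0: forward to the advertising router itself
        return True
    nets = [(ipaddress.ip_network(p), kind) for p, kind in routes]
    matches = [(n, kind) for n, kind in nets if fwd in n]
    if not matches:  # forwarding address unreachable
        return False
    _, kind = max(matches, key=lambda m: m[0].prefixlen)  # longest match
    return kind in ("intra", "inter")  # must not be another external route

def audit(text, routes):
    return {str(p): lsa_usable(f, routes) for p, f in parse_external_lsas(text)}

if __name__ == "__main__":
    for name, table in [("redistribute connected", ROUTES_REDIST_CONNECTED),
                        ("network + passive-interface", ROUTES_NETWORK_PASSIVE)]:
        print(name, audit(SAMPLE_LSDB, table))
```

With the ASA subnet known only as an external route, the LSA carrying a non-zero forwarding address is rejected; once that subnet is an internal route, both LSAs are usable.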

Great answer!

Yes I can see this being a problem, the router interface to the switch is on 10.99.1.0/24 network and the ASA inside is on the 10.99.100.0/24 network, with the routed SVI for the 10.99.100.0 net existing on the Layer-3 switch.

So I would add another subinterface to the router to exist in this network? Or move the ASA to the 10.99.1.0 network?

I did try adding a higher metric static route to the Enterasys switch for the VPN but it always prefers that route even with the lower metric route being learned from the router on OSPF when T1 is up...

Hello Jburk,

Thanks for your kind remarks.

>> with the routed SVI for the 10.99.100.0 net existing on the Layer-3 switch.

So it should be the Enterasys switch that redistributes the static route and not the Site A router, unless you provide a direct L3 link between router and ASA using the Enterasys only as a L2 switch on a new VLAN, or removing the SVI on the existing VLAN and adding a subinterface on the router.

Be careful: the above suggestions may have other impacts, so do not implement them without double thinking!

However, I would suggest you follow Toshi's questions to make your topology and configuration clearer.

Hope to help

Giuseppe

Hi,

Which device are you trying to apply "redistribute static subnets"? Are you running OSPF on Enterasys switch as well?

Please explain a bit more about your topology in detail.

Toshi

Yes, OSPF on Enterasys, trying to redistribute from Site A router

Hi,

Please explain your topology in detail.

On siteA

- Enterasys and Router are running OSPF. Right? You also configured floating routes for siteB pointing to ASA. Right?

- You don't run OSPF on ASA. Right?

On siteB

- You do the same things as siteA. Right?

Toshi