We've got 6509/Sup720 routers in three data centers, each with an ACE module; we're using RHI on the ACEs to inject a static anycast route into the MSFCs (i.e. the same route in each data center) for our RADIUS servers, redistributing these into OSPF so clients only need to be configured with a single server address and failover between servers happens through the routing protocol.
This works fine, except for one peculiarity: the metrics seen in OSPF are not the ones that I've explicitly configured!
Router A (a chassis containing an ACE module) has this configuration (simplified):
router ospf 211
area 0.0.0.51 nssa redistribute static subnets route-map static-to-ospf network 0.0.0.0 255.255.255.255 area 0.0.0.51
ip prefix-list AAA-ANYCAST permit 10.0.0.240/30 le 32
route-map static-to-ospf permit 10 match ip address prefix-list AAA-ANYCAST set metric 10 set metric-type type-1 set tag 4445181
and the ACE module in it has this config (simplified):
policy-map multi-match POLICY_MM-AAA_DISTRIBUTION class CLASS-AAA_RADIUS_ANYCAST loadbalance vip inservice loadbalance vip icmp-reply active loadbalance vip advertise active loadbalance vip advertise metric 10
(note that the loadbalance vip advertise metric command really specifies the administrative distance, not the route metric!)
and sees this static route:
router-A>show ip route 10.0.0.240 Routing entry for 10.0.0.240/32 Known via "static", distance 10, metric 0 Redistributing via ospf 211 Advertised by ospf 211 subnets route-map static-to-ospf Routing Descriptor Blocks: * 10.0.0.226, via Vlan25 Route metric is 0, traffic share count is 1
So far, so good - the static route has the expected metric of zero.
Router B is directly connected to A through a VLAN where the OSPF cost is explicitly set to 2:
interface Vlan2349 ip address 10.8.11.165 255.255.255.254 ip ospf cost 2
So B should see the route to 10.0.0.240/32 with a metric of 10 (static-to-OSPF redistribution on A) + 2 (link cost) = 12.
This is what it actually sees:
router-B>show ip route 10.0.0.240 Routing entry for 10.0.0.240/32 Known via "ospf 211", distance 110, metric 32 Tag 4448081, type NSSA extern 1 Last update from 10.8.11.164 on Vlan2349, 3d23h ago Routing Descriptor Blocks: * 10.8.11.164, from 10.11.255.240, 3d23h ago, via Vlan2349 Route metric is 32, traffic share count is 1 Route tag 4448081
Where is the additional cost of 20 coming from?
I know that if I redistribute into OSPF without explicitly setting the metric then the default metric will be 20. It looks here like the explicit metric is being added to the default, rather than being used instead of the default.
Or am I overlooking something obvious?
As an aside, can anyone tell me what 'radius-server source-ports 1645-1646' does? It's in all of out 6500 configs, but I can't find it in the IOS docs; deleting it breaks AAA, and trying to change it to use the real RADIUS port numbers (1812-1813) isn't allowed...
I'm currently working on creating a Redundancy in two different VLANs (100& 200) having a different network. Within the two switches (IOS2-1 & IOS2-2), I configure the default gateway for access switches in HSRP VIPs, But I still can't ping VLAN 1...
Hi, I want to redistribute OMP routes to BGP, i have the doubt if all of the OMP prefixes located in the local vEdge will be redistributed to BGP or just the connected+static networks located in the vEdge. Also how can i restrict some OMP prefix...
Let's say we have two routers configured as RP candidates for auto-RP: R1 - "advertising" its loopback0 interface IP address 22.214.171.124 as the RP for these groups:126.96.36.199/32188.8.131.52/32184.108.40.206/24220.127.116.11/16 R2 - "advertising" its loopback0 int...
hi,i just performed an IOS upgrade and got a report that admin can't create L2 VLANs.i noticed the 'vtp primary force' and 'vtp primary mst' was applied to one of the core switch and perhaps got lost after the upgrade.how to keep the VTP primary persisten...