Solved: Re: Connected Route Redistribution

mahesh18 · ‎04-20-2018

Hi Everyone,

Here is setup

R1---internal router----Ospf------Cisco3750--------vlan 148-------Cisco ASA-----Internet

R2---internal router ---Ospf------Cisco 3750-------vlan 148--------Cisco ASA-----Internet

Cisco 3750 has OSPF nei ship with R1 and R2 Routers.

IP info

Cisco 3750 interface IP connected to the ASA 192.x.x.185

ASA interface IP connected to the Cisco 3750 192.x.x.186

Routing config on Cisco 3750

ip default-gateway 192.x.x.186
ip classless
ip route 0.0.0.0 0.0.0.0 192.x.x186

OSPF

router ospf 2
router-id 10.0.24.10
log-adjacency-changes
redistribute connected metric 10 metric-type 1
redistribute static subnets
network 10.0.12.62 0.0.0.0 area 0------------------R1
network 10.0.12.66 0.0.0.0 area 0------------------R2
default-information originate metric 10 metric-type 1

I need to redistribute the subnet(192.x.x.185/27 or some specfic IPs )between Cisco Switch and ASA without causing any network issues?

As this switch is also redistributing the cisco ASA default route to the ospf domain

interface Vlan148
ip address 192.x.x.185 255.255.224

Regards

Mahesh

Reza Sharifi · ‎04-20-2018

Hi Mahesh,

Yes, you can do 2 ways, one would be with the network statement and the other one with the route-map I provided.

Also,

redistribute connected metric 10 metric-type 1

is not redistributing that subnet because we have no ospf running on that interface and also we have no network command right?

The command above should redistribute all connected interfaces to OSPF unless they are no up.

Try adding it using the network command and it should work.

HTH

View solution in original post

Richard Burts · ‎05-11-2018

Mahesh

Thank you for the clarification. If your objective is to advertise that subnet then the easy and direct way to do that is to configure a network statement in OSPF that matches the subnet of the interface. That way OSPF will know the subnet and advertise it. It is possible to use redistribution (either redistribute connected or redistribute static) to have OSPF advertise the subnet but this is more complex than the simple network statement.

HTH

Rick

HTH

Rick

View solution in original post

Reza Sharifi · ‎04-20-2018

Hi Mahesh,

You can use a route map to redistribute the subnet.

ip prefix-list test seq 5 permit 192.x.x.185/mask

route-map test permit 10

match ip address prefix-list test

redistribute connected subnets route-map test

HTH

mahesh18 · ‎04-20-2018

Hi Reza,

So current current config

redistribute connected metric 10 metric-type 1

is not redistributing that subnet because we have no ospf running on that interface and also we have no network command right?

Second thing if i just put below config

network 192.x.x.172 WM will this work?

Regards

MAhesh

Reza Sharifi · ‎04-20-2018

Hi Mahesh,

Yes, you can do 2 ways, one would be with the network statement and the other one with the route-map I provided.

Also,

redistribute connected metric 10 metric-type 1

is not redistributing that subnet because we have no ospf running on that interface and also we have no network command right?

The command above should redistribute all connected interfaces to OSPF unless they are no up.

Try adding it using the network command and it should work.

HTH

mahesh18 · ‎04-20-2018

Hi Reza,

Right now I only want one specific host so for that I will use the network command for now right?

Other thing to confirm is that if i use whole subnet in network command will it case issues as this Switch

is also redistributing the default route which is IP of Cisco ASA?

In other words IP .186 will be advertised by network and with default information originate?

Will do this change on weekend and will update you on Monday.

Best Regards

Mahesh

mahesh18 · ‎04-25-2018

Hi Reza,

Need to confirm below

Other thing to confirm is that if i use whole subnet in network command will it cause issues as this Switch

is also redistributing the default route which is next hop IP of Cisco ASA?

In other words IP .186 will be advertised by network and with default information originate?

Regards

Mahesh

Reza Sharifi · ‎04-25-2018

Hi Mahesh,

I am a little confused why you need to redistribute .186 (vlan 148) to OSPF at all as that is just a transit vlan connecting the 3750 to the firewall and you are not running OSPF between the 3750 and the firewall.

Is that correct?

Also, the default route will provide access to the internet for all devices sitting behind r1 and r2 and has nothing to do with vlan 148 (transit vlan). Also, since you have a default route on the 3750, you can delete the"default-gateway" command.

Can you verify and answer these questions?

Thanks,

Reza

mohammed01701 · ‎04-25-2018

3750 and the firewall they are running layet 2 because off the VLAN 148. I don't understand why do you need to redistribute this subnet to the firewall, which is already known this subnet because off that VLAN 148 is direct connected Interface on the firewall. The only thing you need is the default route and default information orginate in the ospf proccess so that R1 and R2 gets route information about this subnet between 3750 and firewall.

Regards

Mohammed

mahesh18 · ‎04-25-2018

Hi Reza,

As we are doing the network change in coming days this change is remove the default information originate config from the 3750 and we will be advertising default route via another network device.

As some devices right now are behind the ASA and we see the subnet between the ASA and cisco 3750

is not advertised to the OSPF domain.

So if some user want to access that subnet going forward then dis switch will have no route for it and it

will pass to the new default gateway which is different network.

So my purpose is that in order to reach that subnet between ASA and cisco switch is it safe to put

whole subnet for now ?

or should i do this when i do my default gateway change ?

or for now i can just put network command with /32 so that network gets advertised to the ospf?

Regards

Mahesh

mahesh18 · ‎04-25-2018

Hi Reza, As we are doing the network change in coming days this change is remove the default information originate config from the 3750 and we will be advertising default route via another network device. As some devices right now are behind the ASA and we see the subnet between the ASA and cisco 3750 is not advertised to the OSPF domain. So if some user want to access that subnet going forward then dis switch will have no route for it and it will pass to the new default gateway which is different network. So my purpose is that in order to reach that subnet between ASA and cisco switch is it safe to put whole subnet for now ? or should i do this when i do my default gateway change ? or for now i can just put network command with /32 so that network gets advertised to the ospf? Regards Mahesh

Richard Burts · ‎04-25-2018

I am a little late to this discussion. The first thing that I want to say is to express my surprise at the assertion that redistribute connected would not advertise the subnet connecting the switch to the ASA. It is absolutely not correct that the interface needs to run OSPF to be redistributed by redistribute connected. In OSPF redistribute connected will advertise the subnet of EVERY connected interface that is in the up/up state.

There are a few things in the explanation that I find confusing. The original post says that the switch is advertising the default route of the ASA. But using default information originate is advertising a default route of the switch. If the switch were advertising the default route of the ASA then I would expect the switch to be running OSPF with the ASA, to be learning a default route from the ASA, and to be advertising that route to its other neighbors. I am also a bit puzzled at the masking of 192.x.x.195. I am assuming that the addressing of the subnet between the switch and the ASA is private addressing and that it is some subnet of 192.168. In that case what is the reason for hiding the two middle octets? It contributes complexity to trying to understand the environment and I see little benefit from it.

HTH

Rick

HTH

Rick

mahesh18 · ‎04-25-2018

Hi Rick,

Nice to see reply from you.

By Bad we are advertising the default route of the switch via config default information originate.

Subnet between the Switch and ASA is 192.141.x.x network it is not private network.

Regards

Mahesh

Richard Burts · ‎04-26-2018

Mahesh

Thank you for the clarification that the subnet is using Public IP and not private 192.168. In that case obscuring the middle octets does make good sense.

According to the part of the config posted you are redistributing connected interfaces. There seems to be some suggestion that this is not working? Can you clarify what is happening and what is the issue?

HTH

Rick

HTH

Rick

mahesh18 · ‎05-07-2018

Hi Rick,

Thanks for reply back.

Sorry I am Late in replying back

What I want to achieve is the devices connected to the ASA have public IP 192.41.x.x

I want to redistrubute those IP's or subnet in the OSPF via 3750 switch?

Regards

Mahesh

Richard Burts · ‎05-09-2018

Mahesh

I would like to clarify about your statement "I want to redistrubute those IP's or subnet". Do you mean that you want to advertise that subnet or do you really mean that you want to redistribute it? I do not want to be overly picky, but there is a significant difference in the two meanings.

HTH

Rick

HTH

Rick