Moving VLAN from OSPF to Firewall

tyroneclark871 · ‎11-23-2016

Hi,

I am trying to remove VLAN 11 (10.10.30.1 /26), 12 (10.10.30.65 /26) and 13 (10.10.30.129 /26) from the core and place them on a firewall (changing from L3 VLANs on core to L2).

The problem I am having is when putting in a static route, OSPF isn't updating and this is causing the traffic to expire in transit as it is trying to reach the gateway on the core which has been moved to the firewall as an interface to a /26 range.

Firewall Config
Internal_Interface : 10.11.30.250
DMZ 1: 10.10.30.1 /26
DMZ 2: 10.10.30.65 /26
DMZ 3: 10.10.30.129 /26

OSPF Config
router ospf 1
log-adjacency-changes
redistribute connected subnets
redistribute static
network 10.254.0.1 0.0.0.7 area 0

Static Route
Newly input
ip route 10.10.30.0 255.255.255.0 10.11.30.250

Please could you advise what I am missing? the route stays in the OSPF table and I am assuming thats where it is failing as it isnt seeing the static?

Thanks for any help!

Paul Chapman · ‎11-23-2016

Hi -

Based on your post I'd say this is the expected behavior. You're redistributing a /24 into OSPF, so all it's peers will see that network.

PSC

Richard Burts · ‎11-23-2016

I find this description of the problem to be not clear. Have the SVIs for vlan 11 and 12 and 13 been removed from the core? As long as the SVIs exist and OSPF does redistribute static then the /26 subnets will still be in the routing table and will be used and not the /24 static.

HTH

Rick

HTH

Rick