Support Center > Search Results > SecureKnowledge Details
Configuring SecurePlatform Pro for OSPF
Solution

Important: Please ensure that you are familiar with routing protocols before using this quick guide.

The following procedure provides step by step guidance on how to configure OSPF dynamic routing on SecurePlatform:

  1. Login to the SecurePlatform Device.

  2. Enter Router Mode by running the command router or cligated.

    Note: You can display all the available commands by typing <?> and pressing the "Enter" key.

  3. Enter Privileged Execution mode by running the command enable. If this mode is password protected, you will be prompted for a password.

  4. You can type show run to display the current configuration.

  5. Enter Global Configuration Mode by running the command config terminal or config t.

  6. OSPF can have several instances of routers.

    Note: You should not configure several instances of OSPF on the same interface. You can, however, configure OSPF and other routing protocols on the same interface, e.g. OSPF and BGP.

    At the config prompt (config)#, enable OSPF by running the command router ospf <number of instance>. You are now in Router Configuration mode. You must now configure the OSPF protocol.

    Note: The prompt changes to (config-[protocol_name])# in Router Configuration mode. When in this mode, the order of the commands run is not important. Changes are only performed on exiting the mode.
    To exit the Router Configuration mode and return one mode back, i.e. to the Global Configuration mode, run the exit command. To exit the Router Configuration mode and return to the Main mode, run the end command.

  7. Specify on which interfaces OSPF will run, by using network <ipv4_address> <wildcard> area <area ID>.

    (Example of Wildcard: If Network Mask = 255.255.255.0, then Wildcard = 0.0.0.255)

    For example:
    network 172.23.11.0 0.0.0.255 area 0.0.0.0
    network 10.7.0.0 0.0.255.255 area 0.0.0.2


    Note: In OSPF there are two hierarchal levels:
    • Areas: Routing areas, whose IDs are represented in IP address form, e.g. 0.0.0.2

    • Backbone Area: whose ID is represented as 0.0.0.0


  8. You cannot filter OSPF updates within a specific area.

  9. Enter <?> to see optional commands (e.g. redistribute). The redistribute command inserts external routes into a current instance of the OSPF protocol. You may want to redistribute direct or kernel routes into the OSPF advertisements. The command syntax is: redistribute <protocol>
    • redistribute direct: Redistribute routes defined by OS according to interface IPs.

    • redistribute kernel: Redistribute routes defined from sysconfig or SecurePlatform shell.


  10. If this Security Gateway is in a cluster, you should add the line:

    restart-type signaled

    This command allows transparent failover of OSPF between cluster nodes for all adjacent devices.

    Note: Either the "restart-enable" command must be configured as "on" ("restart-enable" on page 193), or Advanced Routing Suite must be restarted with the "-r" flag (see "The Command-line Options" in Operating Advanced Routing Suite) in order for this command to take effect. (Advanced Routing Suite CLI Reference Guide R75.40 (page 195))

  11. In OSPF, a router may either be:
    • a backbone router (ABR) (area boundary router) connects area to the backbone.

    • a regular router


  12. On a given router, if you have not configured an ABR, i.e. a router having interfaces in the backbone area, you cannot configure the other interfaces to be in more than one area. Therefore, all the interfaces will be in the same area.

  13. If you are using an ABR, configured to several areas, you should use summarization. This means that the ABR injects a summarized route for each local area into the backbone area. Summarization should be performed manually. This is due to network administration considerations. The command syntax is:
    area <area ID> range <IP value> <netmask value>

    For example: area 0.0.0.2 range 10.7.0.0 255.255.0.0

  14. Sometimes there are several OSPF instances on the same router. It is recommended that you assign a router-id for each OSPF instance. The syntax is: router id <value>.

    Notes:
    • If you do not assign a specific router-id, it will be assigned automatically.

    • Make sure that two routers with the same router-id are not located in the same area.


  15. PIM protocol uses unicast routes in order to create a multicast traffic tree. This can only be done with unicast routes that are multicast eligible, i.e. potentially usable for multicast. You can configure that all routes learned from OSPF will be multicast eligible. To do this, run the command: multicast-rib.

  16. Exit the Router Configuration mode and return one mode back, i.e. to the Global Configuration mode, by running the exit command.

  17. After these values are entered, exit Router Configuration mode and then exit Global Configuration mode.


Once you return to the Privileged Execution mode, if you want these values to be saved through reboot or different gated sessions, you must store all the applied changes. Do so by running the command write memory.

An example output of sh run (while in the router interface) would be something like this:

router

enable

configure terminal

router ospf 1

network 10.158.21.0 0.0.0.255 area 0.0.0.0

redistribute direct

enable

exit

interface eth5

ip ospf 1 area 0.0.0.0

enable

exit

exit
exit

write memory

 

Related Documentation:

 

Related Solutions:

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment