DamianE
New Contributor III

Static routes redistribution over OSPF

I have a FortiGate connected with others using OSPF. This one has some static routes that need to be redistributed over OSPF, so I configured it to redistribute all. But now I need to add some static routes that will not be redistributed.

I found this Technical tip https://community.fortinet.com/t5/FortiGate/Technical-Tip-OSPF-static-routes-redistribution-example/... 

It's not exactly what I need, but I tried to adjust it like this:

config router access-list
    edit "NOT-Redistribute"
        config rule
            edit 1
                set prefix 10.241.224.0/19
                set exact-match enable
                set action deny
            next
            edit 2
                set prefix 192.168.192.0/20
                set exact-match enable
                set action deny
            next
            edit 3
                set prefix 10.241.48.0/20
                set exact-match enable
                set action deny
            next
        end
    next
    edit "Redistribute-ALL"
        config rule
            edit 1
                set prefix 0.0.0.0/0
                set exact-match enable
                set action permit
            next
        end
    next
end

config router route-map
    edit "static-to-ospf"
        config rule
            edit 1
                set match-ip-address "NOT-Redistribute"
            next
            edit 2
                set match-ip-address "Redistribute-ALL"
            next
        end
    next
end

Step 3: Use the route-map.

config router ospf
  config redistribute "static"
    set status enable
    set routemap "static-to-ospf"
  end
end

 

 

 

I think that with this it will redistribute all static routes except the 3 listed in NOT-Redistribute.

Am I right?

kcheng
Staff

Hi @DamianE 

Say that you have 10 static routes, and you wanted to filter the 3 mentioned in your post, you do not need to have 2 access lists. It can be done with one access-list as below:

config router access-list
    edit "NOT-Redistribute"
        config rule
            edit 1
                set prefix 10.241.224.0/19
                set exact-match enable
                set action deny
            next
            edit 2
                set prefix 192.168.192.0/20
                set exact-match enable
                set action deny
            next
            edit 3
                set prefix 10.241.48.0/20
                set exact-match enable
                set action deny
            next
            edit 4
                set prefix any
            next
        end
    next
end

Then, you apply the access-list to route-map and apply the route-map to the ospf settings:

config router route-map
    edit "static-to-ospf"
        config rule
            edit 1
                set match-ip-address "NOT-Redistribute"
            next
        end
    next
end

Step 3: Use the route-map.

config router ospf
  config redistribute "static"
    set status enable
    set routemap "static-to-ospf"
  end
end
Cheers,
Kayzie Cheng
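
A small Python model of how the single access-list above filters static routes, added here as an illustration (not part of the original post and not Fortinet code). It assumes first-match rule evaluation, an implicit deny when no rule matches, a default action of permit, and that exact-match limits a rule to exactly that prefix; the last three static routes are constructed samples.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    prefix: str                 # CIDR string, or "any"
    action: str = "permit"      # assumed default when "set action" is omitted
    exact_match: bool = False

    def matches(self, route):
        if self.prefix == "any":
            return True
        net = ipaddress.ip_network(self.prefix)
        if self.exact_match:
            return route == net          # same network and same mask only
        return route.subnet_of(net)      # the prefix or anything more specific


def evaluate(rules, route):
    """First matching rule decides; assumed implicit deny at the end."""
    for rule in rules:
        if rule.matches(route):
            return rule.action
    return "deny"


def redistributed(rules, static_routes):
    """Static routes the modelled access-list would let into OSPF."""
    return [r for r in static_routes
            if evaluate(rules, ipaddress.ip_network(r)) == "permit"]


# The access-list from the answer above.
NOT_REDISTRIBUTE = [
    Rule("10.241.224.0/19", "deny", exact_match=True),
    Rule("192.168.192.0/20", "deny", exact_match=True),
    Rule("10.241.48.0/20", "deny", exact_match=True),
    Rule("any"),
]

# Same list with exact-match off, to show the difference for sub-prefixes.
NOT_REDISTRIBUTE_LOOSE = [Rule(r.prefix, r.action, False) for r in NOT_REDISTRIBUTE]

# A lone 0.0.0.0/0 rule with exact-match on matches only the default route.
DEFAULT_ONLY = [Rule("0.0.0.0/0", "permit", exact_match=True)]

# The three filtered prefixes plus constructed sample routes.
STATIC_ROUTES = ["10.241.224.0/19", "192.168.192.0/20", "10.241.48.0/20",
                 "10.241.224.0/24", "172.16.5.0/24", "0.0.0.0/0"]

if __name__ == "__main__":
    print(redistributed(NOT_REDISTRIBUTE, STATIC_ROUTES))
```

Under these assumptions, a more specific static route inside a denied block (the constructed 10.241.224.0/24) is still redistributed while exact-match is enabled, so check for sub-prefixes of the filtered ranges before relying on the list.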


Toshi_Esumi
SuperUser

If you still want to separate "allow-all", probably this is the one you wanted to follow.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Create-an-Access-list-on-a-Route-Map-that-...

It could be more flexible when you want to have multiple "deny" access-lists by grouping them.

I would use "config router prefix-list" though instead of "config router access-list". A little more intuitive if your background is L3 routers, like Cisco, Juniper, etc.

Toshi

 


DamianE
New Contributor III

 

I try just like you propose, it's more elegant

Thanks!!

 

 

Toshi_Esumi

Although the KB I referred to was based on BGP, the access-list and route-map part should be the same with OSPF. Especially when they're applied to static route re-distribution.

 

Toshi
