- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
02-25-2016 11:09 AM
I am putting a PA firewall in our datacenter and am looking to have the firewall advertise the protected subnets out to the rest of the network. However, the rest of the network uses EIGRP, so the datacenter switch and the PA firewall will need to be setup for OSFP in order to have the routes advertised.
I am thinking the PA OSPF instance would be setup as a stub instance and just use a default static route to get back to the rest of the network. The L3 datacenter switch running EIGRP will have OSPF added. From OSFP it would learn routes/subnets from the PA and then redistribute them into EIGRP to be known to the rest of the network.
Problem is, I am not too familiar with OSPF. Should the PA and L3 switch be in same area, which would need to be area 0 I believe? Can I setup the L3 Cisco switch to just learn routes from the PA without needing to advertise any to it?
Or is this not worthwhile and I should just use the L3 switch to resdistribute static routes? Part of the reason I would like to learn OSPF will be another project involving PA routers elsewhere in our network where OSPF will be useful (which will be a small pocket but not a stub).
Any suggestions would be appreciated.
Thanks!
02-25-2016 11:45 AM
All area should be connected to area 0 so PA and the switch should be in area 0.
On switch you can set route filtering to not to advertise anything.
02-25-2016 11:45 AM
All area should be connected to area 0 so PA and the switch should be in area 0.
On switch you can set route filtering to not to advertise anything.
02-25-2016 01:37 PM
Thanks for the input. I suppose anywhere else I have it, I can have isolated pockets of OSFP and since they're isolated, each one can have their own area 0 since I don't forsee us switching to OSFP overall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!