How to change the preference of the static route over the connected route from PPP in ScreenOS?

Knowledge Base ID: KB21150
Last Updated: 26 Aug 2011
Version: 1.0

Summary:
This article describes how to make a static route preferred over the connected route created by PPP in ScreenOS.

Problem or Goal:
In certain cases, such as PPPoE or PPPoA, the default route is created as a connected route. However, there may be a requirement to make this route the secondary one and to have another static route preferred over it.

Solution:
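By default, all interfaces belong to trust-vr. Configure the PPPoE interface in untrust-vr or in another custom virtual router. Once PPPoE is configured, its default route is created in that virtual router instead of trust-vr.

In trust-vr, create a default route that points to untrust-vr and give it a higher preference value than the static route. ScreenOS prefers the route with the lower preference value, so the static route becomes the primary default route and the route through untrust-vr becomes the secondary one.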

For example:

  • Eth0/1 has PPPoE configured while Eth0/2 connects to another ISP.
  • Eth0/2 has IP: 1.1.1.1/24 and gateway IP: 1.1.1.2


Configuration for Eth0/1

  1. Configuring Zone in untrust-VR:

    WebUI
    Network > Zones > New: enter the following and then click OK:
    Zone Name: custom-zone
    Virtual Router Name: Select the virtual router untrust-vr
    CLI
    set zone name custom-zone
    set zone custom-zone vrouter untrust-vr
    save

  2. Binding interface eth0/1 to the new zone:

    WebUI
    Network > Interfaces > Edit (for ethernet0/1): Select custom-zone from the Zone Name drop-down list and then click Apply.
    CLI
    set interface ethernet0/1 zone custom-zone
    save


  3. PPPoE configuration:

    WebUI
    Network > PPP > PPPoE Profile > New: enter the following and then click OK:
    PPPoE instance: pppoe
    Bound to interface: ethernet0/1 (select)
    Username: user1
    Password: 123456
    Authentication: Any (select)
    Access Concentrator: ac-11

    CLI
    set pppoe name pppoe username user1 password 123456
    set pppoe name pppoe ac ac-11
    set pppoe name pppoe authentication any
    set pppoe name pppoe interface ethernet0/1

Configuration for Eth0/2

  1. Configuring Zone in trust-VR:

    WebUI
    Network > Zones > New: enter the following and then click OK:
    Zone Name: Untrust
    Virtual Router Name: Select the virtual router trust-vr

    CLI
    set zone name Untrust
    set zone Untrust vrouter trust-vr
    save

  2. Binding interface eth0/2 to the Untrust zone and assigning IP address:

    WebUI
    Network > Interfaces > Edit (for ethernet0/2): select Untrust from the Zone Name drop-down list, IP Address/Netmask: 1.1.1.1/24, and then click Apply.

    CLI
    set interface ethernet0/2 zone Untrust
    set interface ethernet0/2 ip 1.1.1.1/24
    save

Setting routes in trust-vr

WebUI
Network > Routing > Destination > trust-vr New: enter the following and then click OK:
Network Address/Netmask: 0.0.0.0/0
Next Hop Virtual Router Name: (select); untrust-vr
Preference: 40
Network > Routing > Destination > trust-vr New: enter the following and then click OK:
Network Address/Netmask: 0.0.0.0/0
Gateway: (select)
Interface: ethernet0/2
Gateway IP Address: 1.1.1.2
Preference: 20

CLI
set vrouter trust-vr route 0.0.0.0/0 vrouter untrust-vr preference 40
set vrouter trust-vr route 0.0.0.0/0 interface ethernet0/2 gateway 1.1.1.2 preference 20

Setting routes in untrust-vr

The default route in untrust-vr will automatically be created as the connected route as soon as PPPoE negotiation is done.

Purpose:
Configuration
Implementation
Troubleshooting

Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.