Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

SRX Getting Started - Configure OSPF

0

0

Article ID: KB16570 KB Last Updated: 25 Mar 2020Version: 10.0
Summary:

This article describes how to enable OSPF and configure an OSPF network.  For information on configuring OSPF filter policies, refer to KB16617 - SRX Getting Started - Configure Routing Policy to export Local, Static and Direct routes for OSPF.

For other topics, go to the SRX Getting Started main page.

Solution:

This section contains the following:

J-Web Configuration

For information about OSPF and how to configure an OSPF network, see the Technical Documentation section. 

The following example enables OSPF on the ge-0/0/0.0 and lo0.0 interfaces and configures an OSPF network.
  1. Select Configure>Routing>OSPF.
  2. Click Add.
  3. In the Area Id box, type the 32-bit identifier for the area (for example, 0.0.0.0)
  4. Click the Interfaces tab.
  5. For each interface to add to the area, select the Associate check box (for example, ge-0/0/0.0).
  6. Optionally, select the Associate check box for a loopback interface (for example, lo0.0) to add to the area.
  7. Select the loopback interface, and click Edit. The Edit interface settings dialog box appears.
  8. Make sure that the Enable OSPF on this interface option is selected.
  9. To specify that the direct interface addresses on the interface are advertised without running OSPF on the interface (passive mode), select the Don't run OSPF, but advertise it check box.
  10. Click OK.
  11. If there are any other interfaces that use passive mode, select each interface, and click Edit. Repeat steps 8 through 10 for each interface.
  12. In the Add Area dialog box, click OK.
  13. In the OSPF Global Settings area, click Edit. The Edit Global Settings dialog box appears.
  14. In the Router Id box, type a router identifier (for example, 192.168.1.2).
  15. Click OK.
Next, you must specify OSPF as an allowed inbound protocol for each interface that is associated with OSPF.
  1. Select Configure>Security>Zones.
  2. Click the security zone that you want to modify (for example, trust).
  3. Under Interfaces Configuration, select an interface in the zone that is associated with OSPF (for example, ge-0/0/0.0), and click Edit.
  4. In the Host Inbound Traffic Option section, under Protocols, select Allow Selected Protocols.
  5. In the Allowed Selected Protocols box, select ospf, and click Add.
  6. Click OK.
  7. To apply your changes, click Apply.
Repeat this procedure for each interface that is associated with OSPF.

If you are finished configuring the device, click Commit to commit the configuration.

 

CLI Configuration

For information about OSPF and how to configure an OSPF network, see the Technical Documentation section. 

The following example enables OSPF on the ge-0/0/0.0 and lo0.0 interfaces and configures an OSPF network.

  1. Enable OSPF on an interface. In this example, OSPF is enabled on ge-0/0/0.0, and a backbone area with an area ID of 0.0.0.0 is created.
    user@host# set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
  2. Permit OSPF traffic to a security zone. In this example, OSPF is specified as an allowed inbound protocol.
    user@host# set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic protocols ospf
  3. Enable OSPF on a loopback interface. In this example, 192.168.1.2/32 is assigned to the lo0 interface, and OSPF is enabled on the lo0.0 interface. Passive mode specifies that the direct interface addresses on the interface are advertised without running OSPF on the interface.
    user@host# set interfaces lo0 unit 0 family inet address 192.168.1.2/32
    user@host# set protocols ospf area 0.0.0.0 interface lo0.0 passive   
  4. Specify a router identifier. In this example, the router identifier is 192.168.1.2. Specifying a router identifier (RID) uniquely identifies each router in the OSPF database.
    user@host# set routing-options router-id 192.168.1.2
  5. To specify that direct interface routes are announced, add the interface to the OSPF area in passive mode. In this example, vlan.100 is added to the OSPF area 0.0.0.0 in passive mode.
    user@host# set protocols ospf area 0.0.0.0 interface vlan.100 passive
 

Technical Documentation

OSPF Feature Guide for Security Devices

 

Verification

To verify the OSPF configuration, use the following operational command:

user@host> show ospf neighbor 
Address          Interface              State     ID               Pri  Dead
10.222.2.2       ge-0/0/11.0            Full      192.168.36.1     128    36

For sample output, see Verifying OSPF Neighbors.

 

Troubleshooting

To troubleshoot OSPF issues, use the following traceoptions commands.  For more information about configuring traceoptions, see KB16108 -- Configuring Traceoptions for Debugging and Trimming Output.
  
user@host#
set protocols ospf traceoptions file ospf.debug size 5m files 5
user@host# set protocols ospf traceoptions flag all

This file collected via traceoptions is saved in /var/log and can be viewed as follows:

file list detail /var/log | match ospf.debug
show log ospf.debug


Use the traceroute tool on each loopback address in the network to verify that all hosts in the network are reachable from device. For more information, see Verifying Reachability of All Hosts in an OSPF Network.

 

 

Modification History:

2020-03-25: Article reviewed for accuracy; it is valid and accurate

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search