[ScreenOS] How to change the preference of the static route over the connected route from PPP in ScreenOS

  [KB21150]


Summary:
This article describes the procedure to change the preference of the static route over the connected route from PPP in ScreenOS.
 
Symptoms:
In certain cases, such as PPPoE or PPPoA, the default route is created as a connected route. However, there may be a requirement to make this route the secondary route and have another static route preferred.
Solution:
By default, all the interfaces are part of trust-vr. Configure the PPPoE interface in untrust-vr or another custom-vr. After PPPoE is configured, its default route is created in that VR rather than in trust-vr.

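In trust-vr, create a default route pointing to untrust-vr with a preference value higher than that of the static route. ScreenOS prefers the route with the lower preference value, so the static route is used first and the route through untrust-vr acts as the secondary.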

For example:
  • Eth0/1 has PPPoE configured while Eth0/2 has another ISP.
  • Eth0/2 has IP : 1.1.1.1/24 and gateway IP : 1.1.1.2
 

Configuration for Eth0/1

  1. Configure a Zone in the untrust-VR:

    WebUI
    1. Select Network > Zones > New
    2. Enter a Zone Name: custom-zone
    3. Select Virtual Router Name: [Select the virtual router untrust-vr]
    4. Click OK
    CLI
    set zone name custom-zone
    set zone custom-zone vrouter untrust-vr
    save

  2. Bind the interface eth0/1 to the new zone:

    WebUI
    1. Select: Network > Interfaces > Edit (for ethernet0/1)
    2. Select custom-zone from the Zone Name drop-down list
    3. Click Apply
    CLI
    set interface ethernet0/1 zone custom-zone
    save

     
  3. Configure PPPoE
    WebUI
    1. Select: Network > PPP > PPPoE Profile > New
    2. Enter:
      PPPoE instance: pppoe
      Bound to interface: ethernet0/1 (select)
      Username: user1
      Password: 123456
      Authentication: Any (select)
      Access Concentrator: ac-11
    3. Click OK

    CLI
    set pppoe name pppoe username user1 password 123456
    set pppoe name pppoe ac ac-11
    set pppoe name pppoe authentication any
    set pppoe name pppoe interface ethernet0/1

Configuration for Eth0/2
 
  1. Configuring Zone in trust-VR:

    WebUI
    1. Select: Network > Zones > New
    2. Enter
      Zone Name: Untrust
      Virtual Router Name: [Select the virtual router <trust-vr>]
    3. Click OK

    CLI
    set zone name Untrust
    set zone Untrust vrouter trust-vr
    save

  2. Bind the interface eth0/2 to the Untrust zone and assign an IP address:

    WebUI
    1. Select: Network > Interfaces > Edit (for ethernet0/2)
    2. Select Untrust from the Zone Name drop-down list
    3. Enter the IP Address/Netmask: 1.1.1.1/24
    4. Click Apply


    CLI
    set interface ethernet0/2 zone Untrust
    set interface ethernet0/2 ip 1.1.1.1/24
    save

Setting routes in trust-vr
  WebUI
  1. Select: Network > Routing > Destination > trust-vr New. Enter the following, and then click OK:
    Network Address/Netmask: 0.0.0.0/0
    Next Hop Virtual Router Name: (select); untrust-vr
    Preference: 40
  2. Select: Network > Routing > Destination > trust-vr New. Enter the following, and then click OK:
    Network Address/Netmask: 0.0.0.0/0
    Gateway: (select)
    Interface: ethernet0/2
    Gateway IP Address: 1.1.1.2
    Preference: 20


CLI
set vrouter trust-vr route 0.0.0.0/0 vrouter untrust-vr preference 40
set vrouter trust-vr route 0.0.0.0/0 interface ethernet0/2 gateway 1.1.1.2 preference 20

Setting routes in untrust-vr
 
The default route in untrust-vr will automatically be created as the connected route as soon as PPPoE negotiation is done.
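
The following check is an added example, not part of the Juniper article: a Python script that reads ScreenOS `set` lines and verifies the layout described above (PPPoE interface outside trust-vr, a trust-vr default route to that VR, and a preference value above the static route's). The `audit` function and the sample config are constructed for illustration, and the check assumes the lower preference value wins.

```python
import re

# Constructed sample: the CLI lines from this article as one saved config.
SAMPLE_CONFIG = """\
set zone name custom-zone
set zone custom-zone vrouter untrust-vr
set interface ethernet0/1 zone custom-zone
set pppoe name pppoe interface ethernet0/1
set zone Untrust vrouter trust-vr
set interface ethernet0/2 zone Untrust
set vrouter trust-vr route 0.0.0.0/0 vrouter untrust-vr preference 40
set vrouter trust-vr route 0.0.0.0/0 interface ethernet0/2 gateway 1.1.1.2 preference 20
"""

DEFAULT = r"set vrouter trust-vr route 0\.0\.0\.0/0 "

def audit(config):
    """Return a list of problems; an empty list means the layout matches the article."""
    zone_vr, if_zone, pppoe_ifs, via_vr, static = {}, {}, [], {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"set zone (\S+) vrouter (\S+)$", line):
            zone_vr[m[1]] = m[2]
        elif m := re.match(r"set interface (\S+) zone (\S+)$", line):
            if_zone[m[1]] = m[2]
        elif m := re.match(r"set pppoe name \S+ interface (\S+)$", line):
            pppoe_ifs.append(m[1])
        elif m := re.match(DEFAULT + r"vrouter (\S+) preference (\d+)$", line):
            via_vr[m[1]] = int(m[2])
        elif m := re.match(DEFAULT + r"interface \S+ gateway \S+ preference (\d+)$", line):
            static.append(int(m[1]))
    problems = []
    if not static:
        problems.append("trust-vr has no static default route with an explicit preference")
    for ifname in pppoe_ifs:
        # Interfaces and zones not moved elsewhere stay in trust-vr (the default).
        vr = zone_vr.get(if_zone.get(ifname), "trust-vr")
        if vr == "trust-vr":
            problems.append(f"{ifname}: PPPoE connected default route is created in trust-vr")
        elif vr not in via_vr:
            problems.append(f"{ifname}: trust-vr has no default route pointing to {vr}")
        elif static and via_vr[vr] <= min(static):
            # Assumption: the lower preference value wins, so the backup must be higher.
            problems.append(f"{ifname}: route to {vr} ({via_vr[vr]}) is not above static ({min(static)})")
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "layout matches the article")
```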
Modification History:
2017-12-07: Article reviewed for accuracy. Minor grammatical changes made. Article is correct and complete.