Knowledge Search


×
 

[Archive] [ScreenOS] Configuring OSPF on firewall

  [KB4325] Show Article Properties


Summary:
How to enable OSPF on ScreenOS firewalls
Symptoms:
The basic instructions are documented below.

For more details, refer to the OSPF chapter in the ScreenOS Concepts & Examples Guide - Routing: http://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_ce_Routing.pdf.
Solution:
There are two steps needed to establish OSPF adjacency with other OSPF routers or firewalls:

1. Enable OSPF protocol on a specific virtual router
2. Enable OSPF on a specific interface.

The WebUI and CLI instructions are provided below:


WebUI


In this example, you enable the OSPF routing instance on the virtual router trust-vr and enable OSPF on the trust interface.

Open the WebUI. For more information on opening the WebUI, go to Connecting to Your NetScreen Device Using the WebUI.

From the ScreenOS options menu, click Network, select Routing, and then click Virtual Routers.


From trust-vr, click Edit.

Image of step three


From Dynamic Routing Protocol Support, click Edit OSPF Instance.

Image of step four


Click to select OSPF Enabled.

Image of step five and six

Click OK.

Click OK.

Image of step seven


From the ScreenOS options menu, click Network, and then click Interfaces.

Image of step eight


From ethernet1, click Edit.

Image of step nine


From the Edit page, click OSPF.

Image of step ten


Click to enable Enable Protocol OSPF.

Image of step eleven and twelve

Click to enable Bind to Area, and then enter 0.0.0.0.

Click Apply.

Image of step thirteen




CLI


To configure interface Ethernet3 on the ScreenOS firewall to form the adjacency with the upstream router running OSPF in area 0:

set vr trust-vr protocol ospf
set interface e3 proto ospf area 0.0.0.0





To verify the OSPF configuration:

ns-> get interf e3 proto ospf
VR: trust-vr RouterId: 2.2.2.1
----------------------------------
Interface: ethernet3
IpAddr: 2.2.2.1/24, OSPF: enabled, Router: enabled
Type: Ethernet Area: 0.0.0.0 Priority: 1 Cost: 10
Transit delay: 1s Retransmit interval: 5s Hello interval: 10s
Router Dead interval: 40s Authentication-Type: None
State: Designated Router DR: 2.2.2.1(self) BDR: 2.2.2.9
Neighbors:
RtrId: 8.8.8.1 IpAddr: 2.2.2.9 Pri: 1 State: Full



Other useful commands:

get route
get vr trust protocol ospf
get vr trust protocol ospf neighbor

Related Links: