O'Reilly logo

ScreenOS Cookbook by Sunil Wadhwa, Joe Kelly, Ken Draper, David Delcourt, Vik Davar, Stefan Brunner

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

16.1. Configure OSPF on a ScreenOS Device

Problem

You need to enable OSPF on a ScreenOS device.

Solution

First, enable the routing instance and then move interfaces into the area and enable those:

	FIREWALL-A-> set vrouter "trust-vr"
	FIREWALL-A(trust-vr)-> set router-id 192.168.19.1
	FIREWALL-A(trust-vr)-> set protocol ospf
	FIREWALL-A(trust-vr/ospf)-> set enable
	FIREWALL-A(trust-vr/ospf)-> exit
	FIREWALL-A(trust-vr)-> exit
	FIREWALL-A-> set interface ethernet0/1 protocol ospf area 0.0.0.0
	FIREWALL-A-> set interface ethernet0/1 protocol ospf enable
	FIREWALL-A-> set interface serial1/0 protocol ospf area 0.0.0.0
	FIREWALL-A->set interface serial1/0 protocol ospf enable

Discussion

In ScreenOS, routing protocol instances are tied to Virtual Routers (VRs). VRs are tied to zones, and zones are tied to interfaces. A VR consists of potentially two things: a routing table and perhaps instances of one or more routing protocols. By default, all zones are in the trust-vr. In the OSPF network depicted in Figure 16-1, area 0 has three devices.

OSPF single-area topology

Figure 16-1. OSPF single-area topology

Before you can enable OSPF on an interface, you need to configure the physical and link-layer options, the zone, and the IP address. You also need to configure the area (area 0 is already preconfigured) and you need to enable OSPF on the VR:

	FIREWALL-A-> set interface ethernet0/1 zone "Untrust"
	FIREWALL-A-> set interface ethernet0/1 ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required