Technical Documentation

Example: Configuring Export Rules in a Virtual Router (NSM Procedure)

In this example, you export OSPF routes for the 1.1.1.1/24 network in the trust-vr virtual router to the untrust-vr routing domain. You first create an access list for the network prefix 1.1.1.1/24, which is then used in the route map “ rtmap1” to filter for matches of routes for the 1.1.1.1/24 network. You then create a route export rule to export matching OSPF routes from the trust-vr to the untrust-vr virtual router.

To configure export rules in a virtual router:

  1. In the NSM navigation tree, select Device Manager > Devices. Double-click the device object to open the device configuration.
  2. In the device navigation tree, select Network > Virtual Routers.
  3. Double-click the trust-vr virtual router. The General Properties screen appears.
  4. Configure the access list:
    • In the virtual router navigation tree, select Access List, then click the Add icon in the main display area. The Access List Entries/New dialog box appears.
    • For Access List Number, enter 2.
  5. In the Access List Entries area, click the Add icon. The New Access List Entry dialog box appears. Configure the following, and then click OK:
    • For Sequence Number, enter 10.
    • For Action, select Permit.
    • For Prefix, select Prefix to Filter and enter the IP address/netmask 1.1.1.1/24.
  6. Configure the route map:
    • In the virtual router navigation tree, select Route Map, and then click the Add icon in the main display area. The New Route Map dialog box appears.
    • For Name, enter rtmap1.
    • In the Route Map Entry area, click the Add icon. The New Route-Map Entry dialog box appears.
  7. Configure the following way:
    • For Sequence Number, enter 10.
    • For Action, select permit.
    • In the Match Properties area, in the access list table, select 2.
    • Leave all other defaults and click OK to save the new route map entry.
  8. Configure the export rule:
    • In the virtual router navigation tree, select Export Rules, and then click the Add icon in the main display area. The New Export Rule dialog box appears.
    • For Export to Virtual Router, select untrust-vr.
    • For Route Map, select rtmap1.
    • For Protocol, select OSPF.
  9. Click OK to save the new export rule.
  10. Click OK to save your changes to the virtual router, and then click OK again to save your changes to the device configuration.

In this example, you configure the trust-vr to automatically export all routes to the untrust-vr. You also configure a route map on the untrust-vr to permit only internal OSPF routes.

To configure trust-vr:

  1. In the NSM navigation tree, select Device Manager > Devices. Double-click the device object to open the device configuration.
  2. In Device Manager, double-click a device icon to open the device configuration. In the device navigation tree, select Network > Virtual Routers.
  3. Configure the export rule for the trust-vr:
    • Double-click the trust-vr virtual router. The General Properties screen appears.
    • Select Auto-export route to untrust-vr.
    • Click OK to save your changes to the trust-vr.
  4. Configure the route map for the untrust-vr.
    • Double-click the trust-vr virtual router. The General Properties screen appears.
    • In the virtual router navigation tree, select Route Map, and then click the Add icon in the main display area.
    • For Name, enter from-ospf-trust.
  5. In the Route Map Entry area, click the Add icon. The New Route-Map Entry dialog box appears.

    • For Sequence Number, enter 10.
    • For Action, select permit.
    • In the Match Properties area, in the Route Type table, select Internal OSPF.
  6. Click OK to save the new route map entry, and then click OK again to save the route map.
  7. Click OK to save your changes to the virtual router, and then click OK again to save your changes to the device configuration.

Published: 2009-08-23