IPSEC VPN DIALUP HUB and SPOKE with OSPF Configuration Part 2

Part 1 of this guide covers the VPN configuration and setup for this topology. This part covers the OSPF configuration and peering.

Let's start with the OSPF configuration on the hub.

If you don’t see “OSPF” under the Network tab, you’ll need to enable “Advanced Routing” under System -> Feature Visibility:

Enable Advanced Routing and click “OK”

Navigate to Network -> OSPF. Set a router ID (it can be anything, but I like to keep mine within the same network ranges).

Under Areas, click “Create New” and create area 0.0.0.0.

Under Networks, add the networks you used for your primary and secondary tunnel interface IPs. In this example, my hub configuration handed out IP addresses in the 192.168.131.0/24 and 192.168.132.0/24 ranges.

Once done, it should look like this:

Under Interfaces, click “Create New”; we need to add our VPN interfaces here. You also need to set BFD to “Enable” and choose “Point to Point” as the Network Type.

Config should end up looking something like this:

As we scroll down, we need to choose which networks to advertise into OSPF. I typically only redistribute “Connected” networks, but the sky is the limit here. You can also filter which “Connected” networks you advertise, which is what I recommend.

To do this, toggle the option for “Connected” and, for “Route Map”, select “Filter”. Click the dropdown box and select “Create”.

This is where you permit which networks are advertised. So, for instance, if you wanted to allow the Guest Wi-Fi network (which you shouldn’t), you’d click “Create New” in the Route Map menu.

Then toggle the option for matching an interface and select the interface you’d like to advertise.

Click OK and save all the way out. Your named route map should now show:

We’ve done a lot of configuration. Go to the bottom of the page and click “OK” to save settings.

There is one last setting you need to enable to ensure quick failover if there is an issue with a tunnel. This setting is BFD, and it needs to be enabled at the system level in the CLI.

Launch a command prompt and run the following commands:

config system settings
set bfd enable
end

That's it! Now, repeat these same steps for your spoke. The router ID of your spoke and the networks you filter to advertise will need to differ, but all other config should remain the same.
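
For reference, here is the same hub configuration expressed in the FortiOS CLI. This is an added example, not configuration taken from the original post; the interface names (hub-p1, hub-p2 for the two tunnels, port1 for the internal LAN), the router ID and the route map name are assumed for illustration, and the route map permits only the internal LAN interface so the guest Wi-Fi network is never advertised. The system-level "set bfd enable" from the previous step still applies on top of this.

```fortios
# Route map that permits only the internal LAN interface (assumed: port1).
# Anything not matched, such as the guest Wi-Fi interface, is implicitly denied.
config router route-map
    edit "ADVERTISE-CONNECTED"
        config rule
            edit 1
                set action permit
                set match-interface "port1"
            next
        end
    next
end

config router ospf
    # Assumed router ID, kept inside the tunnel address range
    set router-id 192.168.131.1
    config area
        edit 0.0.0.0
        next
    end
    # Networks the dialup tunnels hand out addresses from (see Part 1)
    config network
        edit 1
            set prefix 192.168.131.0 255.255.255.0
        next
        edit 2
            set prefix 192.168.132.0 255.255.255.0
        next
    end
    # Primary and secondary VPN tunnel interfaces, point-to-point with BFD
    config ospf-interface
        edit "hub-p1"
            set interface "hub-p1"
            set network-type point-to-point
            set bfd enable
        next
        edit "hub-p2"
            set interface "hub-p2"
            set network-type point-to-point
            set bfd enable
        next
    end
    # Redistribute connected networks, filtered through the route map above
    config redistribute "connected"
        set status enable
        set routemap "ADVERTISE-CONNECTED"
    end
end
```

On the spoke, change the router ID and the interface matched in the route map; the rest is identical.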

A successful peering should show neighbors in your OSPF menu:

To verify that routes are being learned, launch the CLI and enter the command:
get router info routing-table ospf

You should see routes like this:
