Description:

Some scenarios require certain data traffic (e.g. from a server) to be transmitted via a target in a local network (e.g. a separate gateway). To implement this, an unmasked default route has to be configured with a Routing tag deviating from 0, which refers to the target within the local network. In order for the data traffic to be transmitted via the separate default route, the packets have to be flagged with the corresponding tag by means of a Firewall rule.


As of LCOS 10.42 Rel the packets are discarded with the following error messages:

Firewall Trace:
block-route for 81.81.81.81@5, packet rejected

IP-Router Trace:
Network unreachable (no route) => Discard


In this case the corresponding routing table (can be viewed via the CLI command show ipv4-fib) displays the parameter #Null as the Interface.

  Rtg-Tag 5

  Prefix             Next-Hop        Interface                 ID         Masquerading Redistribution Type (Distance)
  --------------------------------------------------------------------------------------------------------------------------
  0.0.0.0/0          0.0.0.0         #Null                     0          no           Never          Static (255)



Requirements:



Scenario:

The networks INTRANET and SERVER are configured on a router. Data traffic from the network SERVER should be routed via a separate gateway (192.168.1.253) in the network INTRANET.

  • INTRANET: Address range 192.168.1.0/24 with the IP address 192.168.1.254
  • SERVER: Address range 192.168.5.0/24 with the IP address 192.168.5.254

An unmasked default route with Routing tag 5 was configured in the IPv4 routing table, which refers to the separate gateway in the INTRANET (192.168.1.253).

In order for the data traffic to be routed from the network SERVER via the default route with Routing tag 5, a Firewall rule was created, which flags all data traffic from the source network SERVER with the tag 5 (TAG_SERVER_WAN).



Procedure:

In order for the Next Hop (the routing target) to be reachable after a context change between two Routing tags, the Routing tag of the network where the Next Hop is located has to be added in the routing entry.

As an ARP request has to be sent to the target, the route to the Next Hop must have the status Connected LAN or Connected WAN, meaning that the connection must be established (the status can be viewed via the CLI command show ipv4-fib).

1) Connect to the router via LANconfig and go to the menu IP Router → Routing → IPv4 routing table.

2) Select the default route, which refers to the target in the local network (see Scenario) and click Edit.

3) In the field Router append the IP address of the gateway with an @ followed by the routing tag of the network, where the target is located.

Syntax: <Target IP address>@<Routing tag> (in this example 192.168.1.253@0).

4) This concludes the configuration. Write the configuration back to the device.
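To check a device for the condition described above, the saved output of show ipv4-fib can be scanned for tagged routes that resolve to #Null. The following is an added example, not LANCOM code: the function names are hypothetical, the Rtg-Tag 5 block is taken from this article and the Rtg-Tag 0 block is constructed, so real output may differ in columns not used here.

```python
import ipaddress
import re

# Rtg-Tag 5 block: copied from the article. Rtg-Tag 0 block: constructed sample.
SAMPLE_FIB = """\
  Rtg-Tag 0

  Prefix             Next-Hop        Interface                 ID         Masquerading Redistribution Type (Distance)
  ---------------------------------------------------------------------------------------------
  192.168.1.0/24     0.0.0.0         INTRANET                  0          no           Never          Connected LAN (0)

  Rtg-Tag 5

  Prefix             Next-Hop        Interface                 ID         Masquerading Redistribution Type (Distance)
  ---------------------------------------------------------------------------------------------
  0.0.0.0/0          0.0.0.0         #Null                     0          no           Never          Static (255)
"""

TAG_RE = re.compile(r"^\s*Rtg-Tag\s+(\d+)\s*$")


def find_null_routes(fib_text):
    """Return (routing_tag, prefix) for every route whose Interface is #Null."""
    findings, tag = [], None
    for line in fib_text.splitlines():
        match = TAG_RE.match(line)
        if match:
            tag = int(match.group(1))  # following rows belong to this tag
            continue
        fields = line.split()
        if tag is None or len(fields) < 3:
            continue  # blank line, separator, or text before the first tag
        try:
            prefix = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # column header or other non-route line
        if fields[2] == "#Null":  # third column is Interface
            findings.append((tag, str(prefix)))
    return findings


def parse_router_field(value):
    """Split '<Target IP address>@<Routing tag>'; tag is None if none is appended."""
    addr, sep, tag = value.partition("@")
    ip = ipaddress.ip_address(addr.strip())  # raises ValueError on a bad address
    return str(ip), (int(tag) if sep else None)


if __name__ == "__main__":
    for tag, prefix in find_null_routes(SAMPLE_FIB):
        print(f"Rtg-Tag {tag}: {prefix} resolves to #Null, check the Router field")
    print(parse_router_field("192.168.1.253@0"))
```

A route reported here is a candidate for step 3: its Router field should carry the Next Hop address with the @ suffix of the network where that Next Hop is located.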