使用与退出界面的默认路由的下一个跃点 - Knowledge Base - Palo Alto Networks

使用与退出界面的默认路由的下一个跃点

66960

Created On 09/26/18 13:48 PM - Last Modified 06/09/23 05:56 AM

Resolution

概述

静态默认路由可以用两种不同的方式进行配置。他们可以指出采取一个特定的出口接口或下一个跃点 IP 可以使用。如果将静态路由指向以太网接口, 则仅当接口向上时, 路由才会插入到路由表中。建议不要使用此配置, 因为当静态路由的下一跃点指向某个接口时, 路由器会考虑路由范围内的每个主机通过该接口直接连接。

阿斯温

通过这种类型的配置, 路由器在以太网上为路由器在默认路由中找到的每个目标执行地址解析协议 (ARP), 因为路由器将所有这些目标都视为直接连接到接口 e1/1。这种实现可以将 arp 缓存与不同目标的相同 arp 条目一起淹没, 最终导致与 arp 相关的数据包下降。

接口 ip 地址硬件地址端口状态 ttl

-----------------------------------------------------------------------------------

ethernet1/1 4.4.4.4 e4:c7:22:91:a5:c2 ethernet1/1 c 1592

ethernet1/1 8.8.8.8 e4:c7:22:91:a5:c2 ethernet1/1 c 1591

ethernet1/1 10.50.140.53 c8:cb:b8:61:e3:fc ethernet1/1 c 1658

ethernet1/1 23.52.66.106 e4:c7:22:91:a5:c2 ethernet1/1 c 1604

ethernet1/1 23.61.92.204 e4:c7:22:91:a5:c2 ethernet1/1 c 1608

ethernet1/1 31.13.79.128 e4:c7:22:91:a5:c2 ethernet1/1 c 1599

ethernet1/1 46.137.180.155 e4:c7:22:91:a5:c2 ethernet1/1 c 1607

ethernet1/1 54.243.101.130 e4:c7:22:91:a5:c2 ethernet1/1 c 1609

ethernet1/1 74.125.68.188 e4:c7:22:91:a5:c2 ethernet1/1 c 1603

ethernet1/1 74.125.130.84 e4:c7:22:91:a5:c2 ethernet1/1 c 1607

ethernet1/1 74.125.130.95 e4:c7:22:91:a5:c2 ethernet1/1 c 1597

ethernet1/1 74.125.130.99 e4:c7:22:91:a5:c2 ethernet1/1 c 1602

ethernet1/1 74.125.130.100 e4:c7:22:91:a5:c2 ethernet1/1 c 1619

ethernet1/1 74.125.130.103 e4:c7:22:91:a5:c2 ethernet1/1 c 1602

ethernet1/1 74.125.130.104 e4:c7:22:91:a5:c2 ethernet1/1 c 1602

ethernet1/1 74.125.130.113 e4:c7:22:91:a5:c2 ethernet1/1 c 1599

ethernet1/1 74.125.130.132 e4:c7:22:91:a5:c2 ethernet1/1 c 1599

ethernet1/1 74.125.130.138 e4:c7:22:91:a5:c2 ethernet1/1 c 1605

ethernet1/1 74.125.130.139 e4:c7:22:91:a5:c2 ethernet1/1 c 1606

ethernet1/1 74.125.130.155 e4:c7:22:91:a5:c2 ethernet1/1 c 1606

ethernet1/1 74.125.236.110 e4:c7:22:91:a5:c2 ethernet1/1 c 1606

ethernet1/1 74.125.236.120 e4:c7:22:91:a5:c2 ethernet1/1 c 1599

ethernet1/1 74.125.236.199 e4:c7:22:91:a5:c2 ethernet1/1 c 1604

ethernet1/1 74.125.236.205 e4:c7:22:91:a5:c2 ethernet1/1 c 1599

ethernet1/1 74.125.236.208 e4:c7:22:91:a5:c2 ethernet1/1 c 1691

ethernet1/1 74.125.236.215 e4:c7:22:91:a5:c2 ethernet1/1 c 1564

ethernet1/1 74.125.236.217 e4:c7:22:91:a5:c2 ethernet1/1 c 1600

另一种安装静态路由的方法是使用下一跃点 IP。由于静态路由是递归性质的, 因此, 只要它有一条通向下一跃点的路由, 该静态路由就应该可以在该类中使用。在直接连接的接口上指定下一个跃点可防止防火墙在每个目标地址上执行 ARP。

ash2。Jpg

接口 ip 地址硬件地址端口状态 ttl

--------------------------------------------------------------------------------

ethernet1/1 10.50.140.1 e4:c7:22:91:a5:c2 ethernet1/1 c 1766

>> 显示 arp ethernet1/1

支持的最大条目数: 500

默认超时时间： 1800 秒

表中的 ARP 条目总数: 1

显示的 ARP 项目总数: 1

状态︰ s-静态，c-完整，e-到期，我 — — 不完整

如果网络设置有冗余链接到达下一跃点, 最好的做法是提到下一跃点以及浮动静态路由的退出接口, 以有效地工作。

ash3。Jpg

所有者： aprasanna

Other users also viewed:

How to download GlobalProtect from the Customer Support Portal

Download and Install the GlobalProtect App for Windows

Resource List: GlobalProtect Configuring and Troubleshooting

PAN-OS Software Updates

Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)