I'm trying to use DHCP to add an additional static route to the clients on our network so that they can access a remote site that is not accessible through the currently configured gateway. Problem can be solved by reconfiguring the entire network, but would rather just push a route down to the clients so they don't even know it has happened. Any thoughts?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Use DHCP To Add Routes
- Thread starter nbowles
- Start date
You'd have to do it by logon script with a "route" command.
route add 192.168.42.0 MASK 255.255.255.0 192.168.1.2
In this example you're defining a route to the "42" network from the "1" network. If you want the route to stick, add the -p option.
Realistically, it's easier to put 1 static route in your local router and not worry about the local workstations.
PSC
Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers
route add 192.168.42.0 MASK 255.255.255.0 192.168.1.2
In this example you're defining a route to the "42" network from the "1" network. If you want the route to stick, add the -p option.
Realistically, it's easier to put 1 static route in your local router and not worry about the local workstations.
PSC
Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers
The DHCP add routes option only add's host routes - i.e. /32 routes. It is only useful if that is what you want to achieve; based on your comments this isn't what you want. Go woth PSC's idea on using the login script or possibly a GPO?
Can you just not add the route on your default gateway and rely on ICMP redirects?
Andy
Can you just not add the route on your default gateway and rely on ICMP redirects?
Andy
- Thread starter
- #4
Unfortunately the gateway is a Cisco PIX and can't route out the same interface. I tried to add the route there, but it doesn't work. Any tips for the login script? I'm trying to add a route just to my workstation and it doesn't take.
route add 10.0.1.0 255.255.255.0 10.0.0.15
destination^ mask^ next hop^
It complains about the 10.0.0.15 address. My assumption is that it is because it is on a different subnet, but not sure. Is there any way around this? Client stations are on the 10.0.0.X subnet.
route add 10.0.1.0 255.255.255.0 10.0.0.15
destination^ mask^ next hop^
It complains about the 10.0.0.15 address. My assumption is that it is because it is on a different subnet, but not sure. Is there any way around this? Client stations are on the 10.0.0.X subnet.
You need the Keyword 'MASK':
route add 10.0.1.0 mask 255.255.255.0 10.0.0.15
The PIX does support ICMP redirects, this is different from routing in and out the same interface which as you say can't be done. To enable ICMP redirects you need to permit them:
icmp permit 10.1.1.0 255.255.255.0 inside
This permits all ICMP packets but you can get more granular.
Andy
route add 10.0.1.0 mask 255.255.255.0 10.0.0.15
The PIX does support ICMP redirects, this is different from routing in and out the same interface which as you say can't be done. To enable ICMP redirects you need to permit them:
icmp permit 10.1.1.0 255.255.255.0 inside
This permits all ICMP packets but you can get more granular.
Andy
I just re-read the route add statement. I think it will accept the command but as you say the next-hop is not on the same network? I am a bit confused by this, is there a router on the same network that can reach the destination? if so point it at that?
Andy
Andy
- Thread starter
- #7
If you have an existing logon script, just add the line to it.
Also... If you use this command on your PIX do you have problems?
route inside 192.168.42.0 255.255.255.0 192.168.1.2
PSC
Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers
Also... If you use this command on your PIX do you have problems?
route inside 192.168.42.0 255.255.255.0 192.168.1.2
PSC
Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers
- Thread starter
- #9
Interesting... I never had a problem with that myself...
Just remember that you want that logon script to only apply to systems on the subnet with problems.
I suppose you could insert the command as a "startup" item for all users on the workstation, but then you would have to deploy the batch file to each of the workstations.
PSC
Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers
Just remember that you want that logon script to only apply to systems on the subnet with problems.
I suppose you could insert the command as a "startup" item for all users on the workstation, but then you would have to deploy the batch file to each of the workstations.
PSC
Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers
- Status
Similar threads
- Locked
- Question