Unsure of proper configuration for SF300-24 & router

Similar Messages

• Cisco works LMS 3.0.1 does not archiever configuration for cisco 7201 router

  Hi All,
  We have Cisco works LMS 3.0.1 and it does not archiever configuration for cisco 7201 router.
  Any help would be appriciated.
  Thanks in advance
  Samir

  Hi,
  *** Device Details for d0151-100 ***
  Protocol ==> Unknown / Not Applicable
  Selected Protocols with order ==> TFTP,SSH,HTTPS
  Execution Result:
  Unable to get results of job execution for device. Retry the job after increasing the job result wait time using the option:Resource Manager Essentials -> Admin -> Config Mgmt -> Archive Mgmt ->Fetch Settings
  This is the error while doing syn archieve.
  I am not sure about Rtr7000 version but we have latest Rtr7000.
  Waiting for your kind reply.
  Samir

• Optimal configuration for Cisco E3000 Router

  Hi All,
  Following are the details of my current home network setup, I would like to hear more recommendations and drawbacks of this setup.
  ISP has provided with a Cisco  DPC3825 DOCSIS 3.0 Gateway which has 4 Ethernet ports and a wireless networking but only 2.4 GHz.. This router is connected to the cable CPE box to internet. I have enabled the Firewall features of this router and disabled the Wireless network. This has also the DHCP server running. 
  The Second router is a Cisco E3000 which supports 2.4 GHz / GHz wireless networking. Connection to gateway is made via the 1st Ethernet port of gateway and then to the Internet port of E3000 router. I have connected my wireless devices to E3000 with GHz wifi lan. This router also has the firewall activated and DHCP server running as well.
  Both routers have WEP2 Personal / AES security configured. Currently these two devices are on two different IP ranges ..etc gateway is 192.168.0.1 and e3000 is 192.168.1.1.
  The E3000 is primarily configured for my online video for TV (Panasonic Vireacast). Please let me know if this is the best configuration or any other possible options.
  Thanks,
  RG

  This configuration is called LAN to WAN configuration and this is the best configuration considering that you want to behave both the router as a router.
  Because the other confiuration would be LAN to LAN then you can only use 1 router as a router and 2nd router as a switch.
  http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&docid=529c188bc0ee4f7da79ffc22f2be33ec_4579.xml&pid=80&r...
  The first configuration in the article is is LAN to LAN, scroll down the window for LAN to WAN configuration.

• Typical configuration for Pix501 after router

  Our network topology is:
    wire from street  -> cable modem   -> router  ->  computers
  The router is a simple Netgear wireless router.    We want to install a Pix501 firewall for one of the computers only (cant do it for all computers for a complicated reason).   So we want it to look like this:
    wire from street  -> cable modem   -> router  -> Pix501 ->  one computer
  The router uses IP addresses 192.168.1.x.   We installed the Pix501 as shown above, but no matter what configuration we try, it is not working.
  I've searched high and low through this forum for typical configuration to use in the Pix501.  I've also read the official Cisco configuration guide at
  http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/config.html  ... but they all seem to discuss topologies where the Pix501 is between the cable modem and the router. 
  Can someone point me to a reference document that suggests a typical Pix501 configration settting for where the Pix501 is between the router and  computer?   Once I get a good starting point, I'm sure I can take it from there.   Thanks!

  Hi,
  If your aim is to just simply allow outbound traffic from the user behind the PIX to the Internet then there should not be that many things to configure on the PIX.
  It would either have a static "outside" interface configuration with a static default route configuration pointing towards the Router gateway interface in the network 192.168.1.0/24.
  If you have the PIX using DHCP then it will probably get the IP address and default route from the Router automatically.
  Next you would have to make sure you have configured Dynamic PAT for the user so its connection will show up coming from the 192.168.1.0/24 address space to the Router. Otherwise it might be visible to the Router with its original IP address and naturally the connections wouldnt work.
  I guess you could always share the current configuration and let us see if there are any problems there. The software version and the device itself are pretty old though. Pretty ancient configuration format
  - Jouni

• Best configuration for a LinkSys Router

  I've had the best wifi signal using a new LinkSys E3000 router, but it's varied depending on the band/channel. Can anyone else with a LinkSys router recommend settings that work best with an iPad?
  Here's mine:
  LinkSys E3000
  5GHz
  N-only
  20MHz channels
  Static IP, using DHCP reservation
  36-48 channels
  SSID broadcast enabled

  Let me know the distance between wrt54gs router and the access point...
  If the distance is 60 to 70 feet you may try this...Though AP Client will only work with another WAP54G you may still try this...This set up will not work if you try to communicate the WRT54GX2 router with WAP54G, so you need to configure the WRT54GS router with WAP54G...
  1) Connect the WRT54GS router to the modem and configure the WRT54GS router for internet access...Once you are done configure your Access Point in Access Point Client Mode...For this you need to log in to your wrt54gs router and go to status tab, click on Wireless subtab under Status...Note down the MAC Address...
  2) Now access the set-up page of your Access Point, click on AP Mode and select AP Client and in the Remote Access Point's LAN MAC Address field type the Wireless MAC Address you took note in Step1 and click Save Settings...
  3) Match the Wireless Settings and IP Address settings on both the devices(WRT54GS and WAP54G)...
  4) Connect the WAP54G on the LAN/ETHERNET Port of the WRT54GX2 router and disable it's DHCP...Change the Wireless Settings on the WRT54GX2 router and connect your wireless clients to the router...See if this works...

• What's "SAVE" configuration command for Cisco switch/ router?

  What's "SAVE" configuration command for Cisco switch / router? I know Switch#copy running-config startup-config works well,
  but so long, any other command that easy to remenber?

  What's "SAVE" configuration command for Cisco switch / router? I know Switch#copy running-config startup-config works well, but so long,
  any other command that easy to remenber?
  yes, here: Switch#write,and want to know more about the Cisco switch, please visit:http://www.3anetwork.com/cisco-switches-price_c1

• LZW 4G LTE Router Configuration for Cisco 881W (Teleworker, VPN)

  I can't get the configuration of the the router to allow traffic on my company's VPN. The router is connected to the internet and otherwise works fine but whenever I attempt to connect via Cisco AnyConnect or the Cisco router, I can connect but can't access any intranet resource, email, etc. In essence, I can authenticate but can't do anything.
  I've tried contacting NetGear and they referred me to Verizon. I contact Verizon and Technical Support does not have any information about how to configure their own routers. I'm waiting to hear back from an escalation group in my company's technical support.
  I tried opening ports for UDP/TCP already and I attempted to create a static route but the router tells me that my info in incorrect (but I have no idea what is wrong either).
  Has anyone come across a similar situation or could help point me in a direction towards a solution?
  Thansk.

  Check with the network administrators for your company.  They should be able to confirm the version of your Cisco AnyConnect VPN and the requirements that it needs to open and sustain a tunnel.  Once you learn the requirements you can come back to the VZW forums for assistance on configuring your device.
  Normally when a VPN authenticates but does not allow any communcation it means that there is a port, firewall rule or NAT feature conflict somewhere on the local network.  For example, the old Cisco IPSec VPN requires UDP ports 500/4500, IP 50 and TCP 10000 to be open in addition to NAT-T enabled on the VPN server.  Your company may have customized the VPN for thier enviornment so you really need the details before you can move forward.
  A good link I like to save for instances like this (old Cisco VPN):
  http://www.canvassystems.com/blog/articletype/articleview/articleid/14/how-to-fix-cisco-vpn-client-error-412.aspx

• What is the proper config for the Airport Extreme when a Voice over IP device is between the cable modem and the router.

  What is the proper config for the Airport Extreme when a Voice over IP device is between the cable modem and the router.  Its a VoIPo device. The cable modem is connected to the VoIP WAN port and the LAN port on the device feeds the Airport Extreme.  The VOIP is working fine, and my Mac are getting 10. addresses from the Airport Extreme.  But I do get confict messages and lose my connection periodicaly.  Looking for help.

  Its a VoIPo device.
  Per chance, is this device the Grandstream HT502?

• Ipx configuration for router 2800

  please help me to have ipx configuration for router 2800 work with novel ver4 server.

  please help me to have ipx configuration for router 2800 work with novel ver 4 server.

• 6602: Want to route a dedicated DIO (0-7) Line configured for output to a RTSI line

  PXI-6602: I want to use a dedicated DIO (0-7) line configured for output to trigger all 8 counters on the 6602 card. The counters are configured for two-signal-edge-separation measurement. I Have tried to use Route-Signal.vi to route PFIn (0-7) to RTSI bus with no luck.

  You should be able to trigger counters on the 6602 using the Digital Lines DIO (0-7).
  Use the Set Attribute VI and set the attribute value type to Enabled and attribute ID to Start Trigger.
  Wire the output of Set Attribute Task ID to the Task ID input of the Route Signal VI. Select the start trigger for the Signal Name input, PFI n for Signal Source input and PFI line Number for Signal Source Line Number input. Try this and see if this works.
  Regards,
  Bharat Sandhu
  Applications Engineering
  National Instruments."
  Penny

• Require to configure CUCM and Gateway router PRI for 200 users

  Hi all,
  My current scenario is like this:
  We have two CUCM servers(7.1) in reduandancy. One is publisher and other is subscriber. We have a gateway router 2921 with a single PRI card. We have 200 IP Phone users. Currently the problem is we have only 30 telephone lines. So with the help of DID configuration. We assign thirty ports to thirty users. Now these thirty users are able to to make an outbound call and recieve an Inbound call. Now I also want to create a pattern in which we dedicate 10 channaels for other 120 users to make an outbound call. And restrict 50 users to not make an outbound call. So we require such a scenario.
  Total 200 Users:
  1. First 30 users. Able to make an outbound call and also able to recieve an inbound call.
  2.  Next 120 Users. Able to make an outbound call. But not able to recieve an inbound call because of PRI restriction. Because we only have a thirty numbers. Dedicate 10 channels for them.
  3. Last 50 users. Not able to make an outbound call. And also not able to recieve an Inbound call.
  So I need a configurations of Gateway router and PRI. And also of CUCM in which we could define such a pattern.
  Regards,
  Ali Raza

  Ali,
  The outbound call restrictions can be implemented using the CUCM Calling Search Space configurations.  A basic example to illustrate:
  Partition 1:  internal_pt   (only internal patterns)
  Partition 2: phones_pt (ip phones on your network)
  Partition 3: pstn_pt (off net patterns/external)
  CSS1: Offnet_css
  internal_pt
  phones_pt
  pstn_pt
  CSS2: Onnet_css
  internal_pt
  phones_pt
  You place all patterns that can reach off net in "pstn_pt". Phones that are using CSS2 cannot reach off net.  The above example is leveraging the device CSS for all call routing decisions.Using this approach, you would assign "onnet_css" to phones that can only dial internally. NOTE: I am just using a basic example here and not suggesting you use this PT/CSS config "as is".
  There is another approach where you "allow" all patterns on a device and "restrict" on the line. For example:
  Partition 1:  internal_pt   (only internal patterns)
  Partition 2: phones_pt (ip phones on your network)
  Partition 3: pstn_pt (off net patterns/external)
  Partition 4: block-pstn_pt (blocking patterns for pstn)
  CSS1: AllPhones_css
  internal_pt
  phones_pt
  pstn_pt
  CSS2: restrict-pstn_css
  block-pstn_pt
  Again, pstn_pt contains all pstn patterns.  The block-pstn_pt would also contain off net patterns. The difference is that in the block-pstn_pt all patterns would have the "Block this pattern" flag enabled. All phones would have a Device Level CSS of AllPhones_css.  Phone lines where you wanted to restrict off net dialing would have a Line Level CSS of restrict-pstn_css.
  Just a quick refresher, when a phone LINE goes off hook to dial the CUCM is using the "Line Level CSS" + "Device Level CSS" to make the routing decision.  So, assume Line 1 on Phone A has restrict-pstn_css and the phone Device Level CSS is AllPhones_CSS. The Effective Search Space is:
  1. block-pstn_pt
  2. internal_pt
  3. phones_pt
  4. pstn_pt
  So, if we assume that block-pstn_pt contains patterns that override patterns in pstn_pt then you can effectively block off net access to Phone A, Line 1.
  Why would this be a good approach?  Well, what if you had a need to restrict Line 1 on Phone A but allow Line 2 on Phone A.  Using line level restrictions is much more flexible. Especially if you have more than 2 options you need to consider.
  As far as inbound restrictions. If a phone line doesn't have a DID then you have achieved your objective.
  The part I can't answer is reserving 10 specific channels for one group of users. I do not believe this is possible.
  HTH.
  Regards,
  Bill

• Cisco 1242AG Access Point proper configuration

  Hello everyone,
  Here is the situation:
  Recently we decide to create a small WLAN in our business.We choose the Cisco AIR-AP1242AG-E-K9 with 2x2.4GHz 2.2dbi Swivel Dipole Antenna.
  For better managability a new routable VLAN (ID:20) added to our Router with IP 192.168.55.1 and SNET 255.255.255.0
  Next, I made the followings configurations in the autonomous AP through WEB Console:
  Static IP:192.20.10.35, SNET:255.255.254.0, GWY:192.20.10.200
  VLAN1 (Native) and VLAN20 (Radio0-802.11g) added into Services.
  I set the Encryption Mode to None for VLAN1 and Cipher AES CCMP for VLAN20
  Into Server Manager I defined a new RADIUS server 192.20.10.35 (AP IP) and a shared secret and left the default ports for Authentication and Accounting (1645 and 1646). Also, in Default Server Priorities section I set as Priotity 1 both for EAP and MAC authentication the Access Point IP (Radius Server) 192.20.10.35.
  In Local RADIUS Server General Set-Up, I add as current network access server (AAA client) the same IP and shared secret like the ones I use during RADIUS server configuration above. Into Enable Authentication Protocols I left checked only the LEAP and MAC. Also, into Individual Users section 2 new users created with text passwords.
  Into SSID Manager a new hidden SSID created for interface Radio0-802.11g, associated with VLAN20 and into Client Authentication Settings section I left as accepted Method Open Authentication with MAC authentication and EAP. Also, I left the Use Defaults option both for EAP and MAC Authentication Servers in Server Priorities Section and finally into Client Authenticated Key Management section I choose Mandatory for Key Management and checked the Enable WPA option.
  I can ping both the AP and VLAN20 IPs from any PC which is a member of the native VLAN
  As wireless clients I use 2 Motorola MC5574 with Windows Mobile 6.1 professional. Both of them have a Jedi WLAN adapter configured with the followings:
  IPs:192.168.55.10 and 192.168.55.11
  SNET:255.255.255.0
  GWY:192.168.55.1
  Also, a unique profile has been created on each one of them to be used for AP association-authentication. Each profile has been configured for WPA2 Enterprise with AES and LEAP and the predefined user credentials (those defined into AP for Individual Users)
  The problem:
  Clients association with AP is always succesful but, Authentication fails and I can't ping from the clients AP IP,  VLAN20 IP, neither each other.
  What am I missing here? I'm sure that it is somenthing quite simple but although I tried several different setups (i.e. WPA2-PSK, WPA-PSK even with TKIP) I always end up without a proper solution for ping inability.
  Thank you in advance for any help

  Hello Madhuri,
  below is the latest run config output from the access point
  Building configuration...
  Current configuration : 3743 bytes
  ! Last configuration change at 03:56:04 +0200 Sun Nov 28 2010 by Cisco
  ! NVRAM config last updated at 03:58:07 +0200 Sun Nov 28 2010 by Cisco
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname RCT_THP_AP1
  enable secret 5 $1$26u0$emaUzNvvihCCZeKeooQ8M0
  aaa new-model
  aaa group server radius rad_eap
  server 192.20.10.35 auth-port 1645 acct-port 1646
  aaa group server radius rad_mac
  server 192.20.10.35 auth-port 1645 acct-port 1646
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  clock timezone +0200 2
  ip name-server 192.20.11.2
  dot11 ssid RCTHP
     vlan 20
     authentication open mac-address mac_methods eap eap_methods
     authentication key-management wpa
  power inline negotiation prestandard source
  username Cisco password 7 00271A150754
  username 00236867a192 password 7 101E594B56414A5D5B057B7276
  username 00236867a192 autocommand exit
  username 00236867a19b password 7 091C1E5B4A534F445C0D557329
  username 00236867a19b autocommand exit
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption vlan 20 mode ciphers aes-ccm
  ssid RCTHP
  channel 2462
  station-role root
  bridge-group 1
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.20
  encapsulation dot1Q 20
  no ip route-cache
  bridge-group 20
  bridge-group 20 subscriber-loop-control
  bridge-group 20 block-unknown-source
  no bridge-group 20 source-learning
  no bridge-group 20 unicast-flooding
  bridge-group 20 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  shutdown
  no dfs band block
  channel dfs
  station-role root
  interface Dot11Radio1.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  interface FastEthernet0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface FastEthernet0.20
  encapsulation dot1Q 20
  no ip route-cache
  bridge-group 20
  no bridge-group 20 source-learning
  bridge-group 20 spanning-disabled
  interface BVI1
  ip address 192.20.10.35 255.255.254.0
  no ip route-cache
  ip default-gateway 192.20.10.200
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  snmp-server view dot11view ieee802dot11 included
  snmp-server community public view dot11view RO
  snmp-server contact IS
  radius-server local
    no authentication eapfast
    nas 192.20.10.35 key 7 03130807055F2C1F
    user motomob1 nthash 7 15315B29557B0D767E111074455E332022000F0D0A725C223B300C7A0E760A0371
    user motomob2 nthash 7 075E716D6C2F49514636532A5C0B0A067C1567003224335553047F0C710058263E
  radius-server attribute 32 include-in-access-req format %h
  radius-server host 192.20.10.35 auth-port 1645 acct-port 1646 key 7 120E561B115B0157
  radius-server vsa send accounting
  bridge 1 route ip
  line con 0
  line vty 0 4
  sntp server 192.20.10.2
  sntp broadcast client
  end
  Regards
  Vasilis

• A wallet needs to be configured for this instance of Application Express

  hi
  I m very new to APEX. I could create web service client with wsdl. But when service is on https i get message
  "a wallet needs to be configured for this instance of Application Express".
  I have created wallet using OWM (10.2.0.1.0) at location c:\del_sometime
  Using admin i configured APEX instance settings wallet as
  Wallet Path = file:c:\del_sometime
  And checked in database too
  SQL> ALTER SESSION SET CURRENT_SCHEMA = APEX_030200;
  Session altered.
  SQL> SELECT
  2 APEX_INSTANCE_ADMIN.GET_PARAMETER('WALLET_PATH')
  3 from dual;
  APEX_INSTANCE_ADMIN.GET_PARAMETER('WALLET_PATH')
  file:c:\del_sometime
  Any idea whats wrong? I am following steps from http://download.oracle.com/docs/cd/E14373_01/admin.32/e13371/adm_wrkspc.htm#BABFBJEA

  also whe I try following i keep getting error failure to open file. I am on XP and file is present with proper permissions.
  SQL> SELECT utl_http.request('https://support.oracle.com/',null,'file:c:\del_sometime\') from dual;
  SELECT utl_http.request('https://support.oracle.com/',null,'file:c:\del_sometime\') from dual
  ERROR at line 1:
  ORA-29273: HTTP request failed
  ORA-06512: at "SYS.UTL_HTTP", line 1577
  ORA-28759: failure to open file
  ORA-06512: at line 1

• What Is an Appropriate Hostname & DNS Zone Configuration for External DNS Setup?

  I setup servers that are hosted on a secure external data centre. The data centre has its own DNSS, so the DNS service is never setup on the server itself, and is handled by the data centre. I have already setup a handful of servers, and they all seem to be working well. Nevertheless, a couple of people in these discussions have told me, that I'm not setting the servers up 'properly' because of the way I'm naming the server - ie., they believe I'm assigning a 'wrong' hostname - and because of the way I'm setting up subdomains in the zone file. Here is how I'm currently doing it:
  CURRENT SETUP:
  The server is public, and it is also the ONLY machine publicly in the domain zone. So, if the client's domain is "example.com", there is only one machine that will respond to all services in that domain. Because of this:
  - Server Hostname: "example.com"
  - reverse DNS PTR record points to "example.com"
  -  'mail.example.com', 'www.example.com', 'ftp.example.com', etc, are all setup as A records that point to the same IP address as "example.com".
  This has been working fine so far. I have not had any problems with any service, including mail. However, a couple of people suggested that "example.com" is not a fully qualified domain name, and that this setup is therefore  'incorrect', and that it will cause me problems in the future. They suggest I should be setting these servers up like this:
  SUGGESTED SETUP:
  - Server Hostname: "server.example.com"
  - reverse DNS PTR record points to "server.example.com"
  - setup "www.example.com" as a record pointing to the same IP address as "server.example.com", but avoid setting up other subdomains unless absolutely necessary - ie., tell client to use "server.example.com" as the 'proper' address for mail/ftp/etc.
  Technically, 'net', 'company.net' and 'server.company.net' can all be fully qualified domain names, if each one of them points unequivocally to a single IP address. An domain name is not fully qualified, for instance, when it points to a subnet instead of a single IP address. Using "example.com" as a FQDN is technically correct. However, what is 'technically correct' and what Server considers acceptable are not always the same thing....
  I certainly don't want my clients to have problems in the future, and if OS X Server is going to misbehave because of the way I'm setting up my hostname and zone files, I need to know for sure NOW rather than later!

  I'm the "other people" referenced here.
  For general information on DNS, please acquire and skim a copy of Cricket Liu's DNS and BIND book.  It was on its fifth edition when last I checked.  DNS server on OS X Server is the ISC BIND server, which is discussed in that book in some detail.
  If configuring OS X Server in a data center, the OS X Server box probably does not want (nor need) to be running a local DNS server.  (Running local DNS services just means that DNS server will potentially become part of a DNS DDoS, if who can issue queries to the server isn't carefully controlled.)  Use the DC DNS server(s).
  If you want the domain itself to be used as an IP address (eg: example.com), then that's usually an A record, particularly if you're getting email via that domain (and not an MX record going elsewhere).  Some versions of OS X Server have had some issues with setting up this record within Server Admin.app and Server.app.
  The previous issues were likely due to stale DNS translations lurking within the configuration, and caching of that data up to the TTL.  (FWIW, this discussion is related to this thread and this thread.)

• How do you Redistribution EIGRP into OSPF and maintain a distance of 250 for a static route?

  Ok, I have scoured the forums long enough and have to post. The design is below. I moved a firewall to our new data center, which required adding some static routes for VPN connections and broadband backups. To minimize the amount of static routes I redistribute static into EIGRP with a route-map and prefix-list.
  My problem is the next part of my network. When the data leaves my 56128's it hits an edge device connecting to our dark fiber. On this edge device I am running OSPF onto the dark fiber, then redistribute some EIGRP subnets into OSPF and again all is well.
  Everything works up until the point the redistributed routes hit my RIB at my main data center where I am running IBGP. IBPG is run between our MPLS router and core for all our remote sites. When my backup route from the 56128's hits the cores, it supersedes the BGP route because the AD route O E2 [110/20] is lower than the BGP AD B [200/0]. Given the configuration below what can be done to remedy this? Oh when I redistribute I can only change the AD for the backup routes, all other routes should stay the same.
  56128's where my static routes are:
  ip route 192.168.101.0/24 192.168.30.77 name firewall 250
  router eigrp 65100
     redistribute static route-map Static-To-Eigrp
  route-map Static-To-Eigrp permit 10
     match ip address prefix-list Static2Eigrp
  ip prefix-list Static2Eigrp seq 2 permit 192.168.101.0/24
  Edge device:
  router eigrp 65100
   network 172.18.0.5 0.0.0.0
   network 172.18.0.32 0.0.0.3
   network 172.18.0.36 0.0.0.3
   redistribute ospf 65100 metric 2000000 0 255 1 1500
   redistribute static metric 200000 0 255 1 1500 route-map STATICS_INTO_EIGRP
   passive-interface default
   no passive-interface Port-channel11
   no passive-interface Port-channel12
   eigrp router-id 172.18.0.5
  router ospf 65100
   router-id 172.18.0.5
   log-adjacency-changes
   redistribute eigrp 65100 subnets route-map EIGRP_INTO_OSPF
   passive-interface default
   no passive-interface GigabitEthernet1/0/1
   no passive-interface GigabitEthernet1/0/2
   no passive-interface GigabitEthernet2/0/1
   no passive-interface GigabitEthernet2/0/2
   network 172.18.0.0 0.0.255.255 area 0
  ip prefix-list EIGRP_INTO_OSPF seq 5 permit 172.18.0.0/16 le 32
  ip prefix-list EIGRP_INTO_OSPF seq 10 permit 192.168.94.0/29 le 32
  ip prefix-list EIGRP_INTO_OSPF seq 15 permit 192.168.26.32/29 le 32
  ip prefix-list EIGRP_INTO_OSPF seq 20 permit 192.168.30.72/29 le 32
  ip prefix-list EIGRP_INTO_OSPF seq 25 permit 192.168.20.128/25 le 32
  ip prefix-list EIGRP_INTO_OSPF seq 26 permit 192.168.101.0/24 le 32 <- Backup Route for MPLS Remote Office
  route-map EIGRP_INTO_OSPF permit 10
   match ip address prefix-list EIGRP_INTO_OSPF

  So in the case of a /24. If it were say broken up into /25's? From our remote sites we are using aggregate-address summary-only. Not sure how I would advertise a more specific route via BGP, sorry.
  I didnt have this problem until I moved my firewalls. They plugged into the cores where IBGP was running and the static never kicked in unless the bgp route disappeared. I guess I could use my static redistribution for my VPN sites and use statics across the cores for the handful of backup links I have.