diff --git a/Documentation/cmdref/cilium-agent.md b/Documentation/cmdref/cilium-agent.md
index 7e83a3ecbec0..6d06fa72c7f6 100644
--- a/Documentation/cmdref/cilium-agent.md
+++ b/Documentation/cmdref/cilium-agent.md
@@ -156,6 +156,7 @@ cilium-agent [flags]
       --monitor-queue-size int                        Size of the event queue when reading monitor events
       --mtu int                                       Overwrite auto-detected MTU of underlying network
       --nat46-range string                            IPv6 prefix to map IPv4 addresses to (default "0:0:0:0:0:FFFF::/96")
+      --native-routing-cidr string                    Allows to explicitly specify the CIDR for native routing. This value corresponds to the configured cluster-cidr.
       --node-port-acceleration string                 BPF NodePort acceleration via XDP ("native", "disabled") (default "disabled")
       --node-port-bind-protection                     Reject application bind(2) requests to service ports in the NodePort range (default true)
       --node-port-mode string                         BPF NodePort mode ("snat", "dsr", "hybrid") (default "snat")
diff --git a/daemon/cmd/daemon_main.go b/daemon/cmd/daemon_main.go
index de4a7ab643b9..eebd8e0e02e1 100644
--- a/daemon/cmd/daemon_main.go
+++ b/daemon/cmd/daemon_main.go
@@ -538,6 +538,9 @@ func init() {
 	flags.Bool(option.EnableHostFirewall, false, "Enable host network policies")
 	option.BindEnv(option.EnableHostFirewall)
 
+	flags.String(option.IPv4NativeRoutingCIDR, "", "Allows to explicitly specify the CIDR for native routing. This value corresponds to the configured cluster-cidr.")
+	option.BindEnv(option.IPv4NativeRoutingCIDR)
+
 	flags.String(option.LibDir, defaults.LibraryPath, "Directory path to store runtime build environment")
 	option.BindEnv(option.LibDir)
 
diff --git a/pkg/option/config.go b/pkg/option/config.go
index d90e0b08e843..210fccb4e865 100644
--- a/pkg/option/config.go
+++ b/pkg/option/config.go
@@ -2073,7 +2073,7 @@ func (c *DaemonConfig) Validate() error {
 	}
 
 	if err := c.checkIPv4NativeRoutingCIDR(); err != nil {
-		return nil
+		return err
 	}
 
 	// Validate that the KVStore Lease TTL value lies between a particular range.
diff --git a/test/helpers/kubectl.go b/test/helpers/kubectl.go
index 151b5fb241b5..55186dcecfed 100644
--- a/test/helpers/kubectl.go
+++ b/test/helpers/kubectl.go
@@ -116,7 +116,8 @@ var (
 		// We need CNP node status to know when a policy is being enforced
 		"config.enableCnpStatusUpdates": "true",
 
-		"global.hostFirewall": "true",
+		"global.hostFirewall":      "true",
+		"global.nativeRoutingCIDR": "10.0.0.0/16",
 	}
 
 	flannelHelmOverrides = map[string]string{