I am attaching the configuration. OSPF authentication is not enabled on LAN interface. Also its defined as passive interface.

Exactly what I thought. You have created a discontiguous area 0. What happens is when OSPF on the primary router goes down, as you noted HSRP works now and the other router becomes active. But now on the LAN you have area 0 trying to traverse area 1 to get to area 0.

Please elaborate. I did not understand your explanation.

Is there any possibility for OSPF to go down on the active router even when the WAN link is active. When the WAN link goes down the active router give up its HSRP state.

So what is the solution? Shall I define OSPF authentication on LAN interfaces as well so that on LAN segment route exchange happens between Area0 and Area1?

So what is the root cause for OSPF to go down even when the link is active? Its a 100mbps stable link.

I will get you a detailed explanation and solution today. Sorry for the delay, I have been out of town.

Thanks,

Ryan

Avilt,

Sorry for the confusion, I mis-read your configs. I see that you have JT listed as the active router now.

One thing to not is this: As traffic from your Main Office is attempting to reach Site D, it will go in via the KD router.

This is because the KD router is advertising the LAN subnet (90.0) into Area 0, whereas the JT router is advertising it into area 1. OSPF always prefers Intra-area routes over inter-area routes. The return traffic from D to Main Office will use area 1, since the JT router is active.

At any rate, this is not an approach that I would prefer. I would make the following changes...

First, ensure you resolve any duplex mismatches as we have discussed above. You shouldn't see collisions incrementing on the interfaces. Next, hard code the OSPF cost of all KD wan interfaces to 1, and all JT wan interfaces to 100. Next, move all backup (JT) connections to area 0. Then move the LAN connections on the JT routers to area 0, and allow OSPF to form an adjacency between KD and JT routers at each site. Finally, restore your HSRP settings so that KD is active and JT is standby.

I have attached a drawing. I believe this will correct any asymmetric routing and simplifies your design. There is really no need to have multi-area OSPF with only four sites. I hope this helps,

Ryan

Thank You very much for the detailed diagram. What is the reason to hard code the OSPF cost of all KD wan interfaces to 1, and all JT wan interfaces to 100?

Currently I cannot merge 2 areas into one due to non technical reasons. I will try to merge it later. Can I just define OSPF authentication on LAN interfaces at all locations so that they form adjacency?

I will close this case after one week. The issue is most likely with the non cisco switch that I was using on LAN side.

I tend to agree.

The reason to hard code costs is to make one link the primary, and the other a backup. The higher cost links will be backups.

You need to do authentication and also remove the passive-interface command to allow adjacency to form (do this with the new design, you cannot do it in your current design since the routers have different areas for the LAN interface).

Good luck,

Ryan

Final clarifications:

1. I will use the default cost on both the routers so that all the routers/links are utilized.

2. At site D, On the LAN interfaces I will enable OSPF authentication and remove passive interface command so that there is OSPF exchange between Area0 and Area1.

Hope its not going to create any problems.

Avilt,

OSPF will only form a neighborship if both sides are in the same area. So, if you want to setup OSPF between the two routers at Site D on the LAN, you must put both into the same area (0).

Also, the default cost on all interfaces could result in some interesting routing. If you have two seperate ISP's, you may want to be very careful how you utilize both. Some applications are very sensitive to jitter and delay, so be sure to route this traffic in a consistent manner.