01-09-2008 08:54 AM - edited 03-03-2019 08:12 PM
I'm getting thousands of hits on the IDS with OSPF packet length mismatch between two Cisco routers. Please let me know how to stop this.
thanks in advance
regards..
manik...
01-09-2008 09:53 AM
Hello,
Two Cisco routers will not become OSPF neighbors if the MTUs on the neighboring interfaces are not the same. Please make sure the MTUs on those interfaces are the same.
Kind Regards,
M.
01-09-2008 12:41 PM
Hello. Both the routers are connected through an L3 switch. They are neighbours with each other.
Thanks..
Manik
01-09-2008 08:36 PM
Hi,
I do not think it's an MTU issue, because the packet length states the length of the OSPF packet including the header.
Check whether the configuration is the same for both routers. Also see whether they are adjacent with each other.
HTH,
regards,
shri :)
01-09-2008 08:44 PM
Yes, I support the above post.
If your OSPF is working fine, I think it can happen that any signature of low severity might be triggered in the IDS. Can you check the signature details of that event?
01-09-2008 09:18 PM
Can you please post the errors you're getting on the IDS?
Cheers,
Nikhil E.
01-10-2008 01:15 AM
Are your devices forming adjacency or not?
- If the MTU is mismatched, the adjacency will never come up, unless it is manually configured to match on both ends of the link (neighbors) or the MTU check is ignored during adjacency negotiations.
Example:
Router(config-if)#int g0/0
Router(config-if)#ip ospf mtu-ignore
If your devices are already forming adjacency and you only observe the packet length mismatch: if you read section 8.2 of RFC 2328, there is no place that says that an OSPF router should make this check, and the OSPF header length will always be different than the IP length.
http://www.faqs.org/rfcs/rfc2328.html
Best Regards,
Mounir Mohamed
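
An added example, not part of any post in this thread: Python that makes the comparison the thread is debating, checking the OSPF header's packet length field against the IP payload length (IP total length minus IP header) and classifying the difference. It assumes OSPFv2 over IPv4 and RFC 2328 Appendix D.3 cryptographic authentication, where the appended digest is not counted in the OSPF length; the function names and sample packets are constructed for illustration.

```python
import struct

OSPF_HDR_LEN = 24   # fixed OSPFv2 header size (RFC 2328 A.3.1)

def classify_ospf_length(ip_packet: bytes) -> str:
    """Compare the OSPF header's packet length with the IP payload length."""
    if len(ip_packet) < 20:
        return "truncated"
    ver_ihl, _tos, total_len = struct.unpack("!BBH", ip_packet[:4])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ip_packet[9] != 89:  # 89 = OSPF
        return "not-ospfv2"
    payload = ip_packet[ihl:total_len]
    if len(payload) < OSPF_HDR_LEN:
        return "truncated"
    if payload[0] != 2:
        return "not-ospfv2"
    ospf_len = struct.unpack("!H", payload[2:4])[0]
    autype = struct.unpack("!H", payload[14:16])[0]
    extra = len(payload) - ospf_len    # bytes after the OSPF packet proper
    if ospf_len < OSPF_HDR_LEN or extra < 0:
        return "malformed"             # length field points outside the payload
    if extra == 0:
        return "match"
    if autype == 2:                    # cryptographic authentication
        digest_len = payload[19]       # Auth Data Len field of the header
        if extra == digest_len:
            return "auth-trailer"      # appended digest, not counted in ospf_len
        if extra > digest_len:
            return "auth-trailer-plus-extra"
    return "trailing-bytes"            # may be an LLS block (RFC 5613); not parsed

def build_sample(autype: int, trailer: bytes = b"") -> bytes:
    """Constructed OSPFv2 Hello (not captured traffic); checksums left zero."""
    body = bytes(20)                   # Hello body with no neighbors listed
    auth = bytes([0, 0, 1, len(trailer), 0, 0, 0, 1]) if autype == 2 else bytes(8)
    rid = bytes([10, 0, 0, 1])         # constructed router ID / source address
    ospf = struct.pack("!BBH4s4sHH", 2, 1, OSPF_HDR_LEN + len(body),
                       rid, bytes(4), 0, autype) + auth + body + trailer
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20 + len(ospf), 0, 0, 1, 89,
                     0, rid, bytes([224, 0, 0, 5]))
    return ip + ospf

if __name__ == "__main__":
    for name, pkt in [("no auth", build_sample(0)),
                      ("MD5 auth", build_sample(2, bytes(16))),
                      ("no auth + 12 trailing bytes", build_sample(0, bytes(12)))]:
        print(f"{name}: {classify_ospf_length(pkt)}")
```

A steady stream of `auth-trailer` results between two healthy neighbors points at the signature rather than the routers; `malformed` is the case worth investigating.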