OSPF redistributing - route map issue

Yannick Vranckx
Level 2

Hello,

I am facing an issue I cannot seem to understand.

I have 2 switches exchanging OSPF routes, the topology is like this:

LAN 1 ----- CORESW(OSPF 45) ----- EDGE SWITCH(OSPF 40) --- OTHER EDGE SWITCH(UNKNOWN OSPF) -  Firewall ---- LAN 2

                                                                  172.24.4.25                                              172.24.4.27

What is happening is that users in LAN 2 cannot access a certain printing service within LAN 1.

Their traceroute:

host /root > traceroute 172.21.15.5 (LAN 1 Printer service)

traceroute to 172.21.15.5 (172.21.15.5), 30 hops max, 40 byte packets

1  153.98.100.62 (153.98.100.62)  0.430 ms  0.372 ms  0.451 ms (LAN 2 Default Gateway)

2  193.221.173.100 (193.221.173.100)  9.879 ms  2.957 ms  5.280 ms (A device in between on their network)

3  EDGE SWITCH(172.24.4.25)  1.764 ms  2.068 ms  1.768 ms

4  * * *

5  * * *

6  *^C

So according to them, it stops when it reaches my edge switch. According to my edge switch, something different is stated.

Edgeswitch (172.24.4.25)


1 172.24.4.27 0 msec 16 msec 0 msec
2 Their Firewall 0 msec 9 msec 0 msec
3 * * *
4 * * *

So I can reach my OSPF adjacency and their firewall, and after that it dies.

I am reaching them via OSPF 40:

router ospf 40
 router-id 172.24.10.1
 log-adjacency-changes
 timers throttle spf 10 100 5000
 timers throttle lsa all 10 100 5000
 timers lsa arrival 80
 timers pacing flood 5
 redistribute static metric-type 1 subnets route-map rm-static_to_ospf40
 redistribute ospf 45 metric-type 1 subnets route-map rm-ospf45_to_ospf40
 passive-interface default
 no passive-interface Vlan30
 no passive-interface Vlan50
 no passive-interface Vlan355
 network 153.98.29.32 0.0.0.31 area 0
 network 153.98.29.96 0.0.0.31 area 0
 network 153.98.29.160 0.0.0.31 area 0
 network 153.98.68.192 0.0.0.31 area 0
 network 172.24.4.24 0.0.0.7 area 0
 network 172.24.4.248 0.0.0.7 area 0
 network 172.24.10.1 0.0.0.0 area 0
 network 172.24.15.0 0.0.0.63 area 0
 network 193.221.170.160 0.0.0.15 area 0
 network 193.221.170.176 0.0.0.15 area 0
 network 193.221.181.32 0.0.0.31 area 0
 network 193.221.182.32 0.0.0.31 area 0
 network 193.221.184.16 0.0.0.7 area 0
 network 193.221.184.80 0.0.0.7 area 0
 distribute-list route-map rm-ospf40 in
!

The VLAN in between the 2 switches is not passive (VLAN 30), and there are also no access lists applied on my side. There are some route maps; what is happening here (I think) is that OSPF 40 is the connection to their network via VLAN 30 and OSPF 45 is the connection back to my LAN 1. So I am basically telling OSPF 40 here to put the routes of OSPF 45 into 40.

I also see the distribute list, but I cannot decode the information.

route-map rm-ospf40, deny, sequence 5
Match clauses:
tag 45
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map rm-ospf40, permit, sequence 10
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes

Any ideas on where to look?

3 Replies

Hello,

The distribute list on the edge switch (OSPF 40) denies everything that is tagged with 45, so the edge switch probably gets no routes at all from OSPF 45. Can you try and disable the distribute list and then check the routing table of the core switch (OSPF 40)?

I don't know about this because: the OSPF process 45 shares the information from my LAN to the edge switch and that is working without problems. The edge switch and even my core know the route towards their subnet, but I am not reaching it. Can standard ACLs be an issue here? It is kinda tedious to see what they are impacting. A standard ACL will just block the connection to the switch, right? And I can traceroute across my edge to their network and there it ends, but they cannot trace back. So it looks like a standard ACL blocking this, just have to figure out which one.

I do have a hard time understanding what the TAG 45 is about.

Is that referring to another OSPF process? That would be weird, as the route is known and my traceroute seems to use it.
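
Added example, not part of the thread and not anyone's device output: a small Python model of how the `rm-ospf40` route-map shown above is evaluated when it is used as an inbound distribute-list, which filters the routes OSPF 40 may install in the local routing table. Entries are tried lowest sequence first, the first match decides, and an entry with no match clause matches every route. The sample prefixes, masks and tags are constructed, and it is an assumption that tag 45 marks routes redistributed from OSPF 45, since the page does not show `rm-ospf45_to_ospf40`.

```python
# Added illustration: models route-map evaluation for
# "distribute-list route-map rm-ospf40 in". Not taken from the thread.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Route:
    prefix: str
    tag: int = 0   # OSPF external route tag; 0 means untagged

@dataclass
class Entry:
    seq: int
    action: str                       # "permit" or "deny"
    match_tag: Optional[int] = None   # None = no match clause, matches every route

def evaluate(route_map, route):
    """Return (action, seq) of the first matching entry, lowest sequence first."""
    for entry in sorted(route_map, key=lambda e: e.seq):
        if entry.match_tag is None or entry.match_tag == route.tag:
            return entry.action, entry.seq
    return "deny", None   # implicit deny when no entry matches

def installed(route_map, learned):
    """Prefixes the inbound distribute-list lets into the routing table."""
    return [r.prefix for r in learned if evaluate(route_map, r)[0] == "permit"]

# rm-ospf40 as printed by the route-map output quoted in the first post
RM_OSPF40 = [Entry(5, "deny", match_tag=45), Entry(10, "permit")]

# Constructed sample routes learned through OSPF 40 (masks and tags are assumptions)
LEARNED = [
    Route("153.98.100.0/24"),          # untagged route from the LAN 2 side
    Route("172.21.15.0/24", tag=45),   # LAN 1 prefix arriving back with tag 45
    Route("10.99.0.0/16", tag=40),     # a route carrying some other tag
]

if __name__ == "__main__":
    for r in LEARNED:
        action, seq = evaluate(RM_OSPF40, r)
        print(f"{r.prefix:18} tag={r.tag:<3} -> {action} (sequence {seq})")
    print("installed:", installed(RM_OSPF40, LEARNED))
```

Only the route carrying tag 45 is kept out of the routing table; untagged routes and routes with any other tag fall through to sequence 10 and are installed.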
