09-30-2016 09:47 AM - edited 03-05-2019 07:10 AM
Hello,
I am facing an issue i cannot seem to understand.
I have 2 switches exchanging OSPF routes, the topology is like this:
LAN 1 ----- CORESW(OSPF 45) ----- EDGE SWITCH(OSPF 40) --- OTHER EDGE SWITCH(UNKNOWN OSPF) - Firewall ---- LAN 2
172.24.4.25 172.24.4.27
What is happening is that users in LAN 2 cannot access a certained printing service within LAN 1.
Their traceroute:
host /root > traceroute 172.21.15.5 (LAN 1 Printer service)
traceroute to 172.21.15.5 (172.21.15.5), 30 hops max, 40 byte packets
1 153.98.100.62 (153.98.100.62) 0.430 ms 0.372 ms 0.451 ms (LAN 2 Default Gateway)
2 193.221.173.100 (193.221.173.100) 9.879 ms 2.957 ms 5.280 ms (A device in between on their network)
3 EDGE SWITCH(172.24.4.25) 1.764 ms 2.068 ms
1.768 ms
4 * * *
5 * * *
6 *^C
So according to them it stops when it reaches my edge switch. According to my edge switch it is stated something different.
Edgeswitch (172.24.4.25)
1 172.24.4.27 0 msec 16 msec 0 msec
2 Their Firewall 0 msec 9 msec 0 msec
3 * * *
4 * * *
So i can reach my OSPF adjency and their firewall and after that it dies.
I am reaching them via OSPF 40:
router ospf 40
router-id 172.24.10.1
log-adjacency-changes
timers throttle spf 10 100 5000
timers throttle lsa all 10 100 5000
timers lsa arrival 80
timers pacing flood 5
redistribute static metric-type 1 subnets route-map rm-static_to_ospf40
redistribute ospf 45 metric-type 1 subnets route-map rm-ospf45_to_ospf40
passive-interface default
no passive-interface Vlan30
no passive-interface Vlan50
no passive-interface Vlan355
network 153.98.29.32 0.0.0.31 area 0
network 153.98.29.96 0.0.0.31 area 0
network 153.98.29.160 0.0.0.31 area 0
network 153.98.68.192 0.0.0.31 area 0
network 172.24.4.24 0.0.0.7 area 0
network 172.24.4.248 0.0.0.7 area 0
network 172.24.10.1 0.0.0.0 area 0
network 172.24.15.0 0.0.0.63 area 0
network 193.221.170.160 0.0.0.15 area 0
network 193.221.170.176 0.0.0.15 area 0
network 193.221.181.32 0.0.0.31 area 0
network 193.221.182.32 0.0.0.31 area 0
network 193.221.184.16 0.0.0.7 area 0
network 193.221.184.80 0.0.0.7 area 0
distribute-list route-map rm-ospf40 in
!
The vlan inbetween the 2 switches is not passive (vlan 30), there are also no access lists applied to my side. There are some routemaps, what is happening here (i think). Is that ospf 40 is the connection to their network via vlan 30 and ospf 45 is the connection back to my LAN 1. So i am basically telling OSPF 40 here to put the routes of OSPF 45 into 40.
I also see the distribute list, but i cannot decode the information.
route-map rm-ospf40, deny, sequence 5
Match clauses:
tag 45
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map rm-ospf40, permit, sequence 10
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
Any ideas on where to look?
10-01-2016 07:14 AM
Hello,
the distribute list on the edge switch (OSPF 40) denies everything that is tagged with 45, so the edge switch probably gets no routes at all from OSPF 45. Can you try and disable the distribute list and then check the routing table of the core switch (OSPF 40) ?
10-02-2016 02:33 AM
10-03-2016 02:18 AM
I do have a hard time understanding what the TAG 45 is about.
Is that referring to another OSPF process, that would be weird as the route is known and my traceroute seems te use it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide