09-07-2023 08:26 AM - last edited on 09-08-2023 07:29 AM by Translator
Hello, Cisco Community,
I have a simple OSPF configuration, two core switches connected via a P2P link. One at our HQ and the other at our DR site. I need to route an off-network subnet into OSPF, as the network is not currently available within the IP route database. I can see on the HQ side that I have a static route to our backbone firewall interface, and on the DR side a static route to our firewall interface. Route redistribution is enabled on both sides.
The off-network subnet (site1) is connected to our HQ Firewall pair using Meraki's autoVPN, with a quick tracert I can see that traffic from site1 is traversing the local LAN, hitting the Firewall gateway, traversing the autoVPN, then hitting our HQ Firewall and subsequently the HQ core, it is at this point that traffic stops, and is not able to route off the backbone VLAN to the DR site. The backbone VLAN is configured on both sides, and is available within the OSPF database, being redistributed through static routes. The backbone VLAN is not a passive interface, and should communicate. I can't understand why the site1 subnet isn't present within the ip route ospf table, given its configuration.
Other E1 (external type 1) routes are being correctly redistributed through static routes into the OSPF database, both via the backbone VLAN from other sites, and through our MPLS VLAN. It is not a misconfiguration of OSPF itself, the neighbourship is up and operational, with no errors, and routing over both for other sites and connections is working.
Originally I thought it had something to do with how the Meraki MX250 autoVPN features and/or static routes work, when presented over the VPN, however, the autoVPN feature automatically presents all off-network L3 static routes when using autoVPN. (I know, not relevant and could be placed within a Meraki thread), but my question is relating to OSPF on a Catalyst 3850 switch stack.
Thanks in advance.
09-07-2023 09:13 AM
I did want to upload snippets of the configuration, what is the guidance for such?
09-07-2023 09:20 AM - last edited on 09-08-2023 07:32 AM by Translator
The subnet I'm looking to present to the OSPF area is 10.5.0.0/16
hqswitch1# sh run | s ospf
router ospf 1
redistribute static metric-type 1
passive-interface default
no passive-interface Vlan250
no passive-interface Vlan251
no passive-interface GigabitEthernet1/0/3
network 10.1.0.0 0.0.255.255 area 10.254.254.254
network 10.254.254.1 0.0.0.0 area 10.254.254.254
drswitch1# sh run | s ospf
router ospf 1
passive-interface default
no passive-interface Vlan250
no passive-interface Vlan251
no passive-interface GigabitEthernet2/0/24
network 10.2.0.0 0.0.255.255 area 10.254.254.254
network 10.254.254.2 0.0.0.0 area 10.254.254.254
HQswitch1#sh ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 10.1.0.1
It is an autonomous system boundary router
Redistributing External Routes from,
static, includes subnets in redistribution
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
10.1.0.0 0.0.255.255 area 10.254.254.254
10.254.254.1 0.0.0.0 area 10.254.254.254
Passive Interface(s):
Vlan1
Vlan5
Vlan6
Vlan7
Vlan8
Vlan9
Vlan10
Vlan20
Passive Interface(s):
Vlan21
Vlan22
Vlan25
Vlan50
Vlan60
Vlan65
Vlan100
Vlan105
Vlan155
Vlan180
Vlan190
Vlan191
Vlan193
Vlan195
Vlan204
Vlan230
Vlan240
Loopback0
Routing Information Sources:
Gateway Distance Last Update
10.2.0.1 110 10w5d
10.1.251.20 110 5w2d
10.1.251.30 110 5w2d
Gateway Distance Last Update
10.2.251.10 110 7w6d
Distance: (default is 110)
DRswitch1#sh ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 10.2.0.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
10.2.0.0 0.0.255.255 area 10.254.254.254
10.254.254.2 0.0.0.0 area 10.254.254.254
Passive Interface(s):
Vlan1
Vlan5
Vlan6
Vlan7
Vlan8
Vlan9
Vlan10
Vlan20
Vlan60
Vlan100
Vlan230
Passive Interface(s):
Loopback0
Routing Information Sources:
Gateway Distance Last Update
10.1.0.1 110 10w5d
10.1.251.20 110 5w2d
10.1.251.30 110 5w2d
10.2.251.10 110 5w2d
Distance: (default is 110)
hqswitch1# sh ip route ospf
Gateway of last resort is 10.1.250.200 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 85 subnets, 7 masks
O E1 10.1.0.0/16 [110/3] via 10.254.254.2, 7w0d, GigabitEthernet1/0/3
O E1 10.2.0.0/16 [110/3] via 10.254.254.2, 7w0d, GigabitEthernet1/0/3
O 10.2.0.1/32 [110/2] via 10.254.254.2, 7w0d, GigabitEthernet1/0/3
O 10.2.5.0/24 [110/2] via 10.254.254.2, 7w0d, GigabitEthernet1/0/3
O 10.2.6.0/24 [110/2] via 10.254.254.2, 7w0d, GigabitEthernet1/0/3
O 10.2.7.0/24 [110/2] via 10.254.254.2, 7w0d, GigabitEthernet1/0/3
O 10.2.8.0/24 [110/2] via 10.254.254.2, 7w0d, GigabitEthernet1/0/3
O 10.2.9.0/24 [110/2] via 10.254.254.2, 7w0d, GigabitEthernet1/0/3
O 10.2.10.0/24 [110/2] via 10.254.254.2, 7w0d, GigabitEthernet1/0/3
O 10.2.20.0/24 [110/2] via 10.254.254.2, 7w0d, GigabitEthernet1/0/3
O 10.2.60.0/24 [110/2] via 10.254.254.2, 7w0d, GigabitEthernet1/0/3
O 10.2.230.0/24 [110/2] via 10.254.254.2, 7w0d, GigabitEthernet1/0/3
O 10.2.250.0/24 [110/2] via 10.254.254.2, 7w0d, GigabitEthernet1/0/3
O 10.2.251.0/24 [110/2] via 10.254.254.2, 7w0d, GigabitEthernet1/0/3
O E1 10.6.0.0/16 [110/2] via 10.1.251.20, 5w2d, Vlan251
O E1 10.7.0.0/16 [110/2] via 10.1.251.20, 7w0d, Vlan251
O E1 10.10.253.2/32 [110/3] via 10.254.254.2, 7w0d, GigabitEthernet1/0/3
O E1 10.10.253.6/32 [110/2] via 10.1.251.20, 7w0d, Vlan251
O E1 10.10.253.10/32 [110/2] via 10.1.251.20, 7w0d, Vlan251
O E1 10.10.253.14/32 [110/2] via 10.1.251.20, 7w0d, Vlan251
62.0.0.0/8 is variably subnetted, 8 subnets, 3 masks
DRswitch1#sh ip route ospf
Gateway of last resort is 10.2.250.100 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 73 subnets, 8 masks
O E1 10.0.0.0/24 [110/22] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O E1 10.1.0.0/16 [110/2] via 10.2.251.10, 7w0d, Vlan251
O 10.1.0.1/32 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O E1 10.1.0.2/32 [110/21] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O E1 10.1.0.3/32 [110/21] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.5.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.6.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.7.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.8.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.9.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.10.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.20.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.21.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.22.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.25.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.50.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.60.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.65.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.105.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.155.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.180.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.190.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.191.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.193.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.195.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O E1 10.1.202.0/24 [110/22] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.204.0/23 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O E1 10.1.222.0/24 [110/22] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O E1 10.1.223.16/28 [110/22] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.230.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.250.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O 10.1.251.0/24 [110/2] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O E1 10.1.252.0/22 [110/22] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O E1 10.2.0.0/16 [110/2] via 10.2.251.10, 7w0d, Vlan251
O E1 10.4.0.0/16 [110/22] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O E1 10.6.0.0/16 [110/2] via 10.2.251.10, 5w2d, Vlan251
O E1 10.7.0.0/16 [110/2] via 10.2.251.10, 7w0d, Vlan251
O E1 10.10.253.2/32 [110/2] via 10.2.251.10, 7w0d, Vlan251
O E1 10.10.253.6/32 [110/2] via 10.2.251.10, 7w0d, Vlan251
O E1 10.10.253.10/32 [110/2] via 10.2.251.10, 7w0d, Vlan251
O E1 10.10.253.14/32 [110/3] via 10.254.254.1, 7w0d, GigabitEthernet2/0/24
O E1 10.127.127.0/24
drswitch1# sh ip route static
Gateway of last resort is 10.2.250.100 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.2.250.100
10.0.0.0/8 is variably subnetted, 73 subnets, 8 masks
S 10.2.67.0/24 [1/0] via 10.2.5.60
S 10.3.0.0/16 [1/0] via 10.2.250.100
S 10.5.0.0/16 [1/0] via 10.2.250.100
S 10.10.10.0/24 [1/0] via 10.1.250.50
S 10.10.100.0/24 [1/0] via 10.1.250.100
S 10.247.64.0/20 [1/0] via 10.254.254.1
HQswitch1# sh ip route static
Gateway of last resort is 10.1.250.200 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.1.250.200
10.0.0.0/8 is variably subnetted, 85 subnets, 7 masks
S 10.0.0.0/24 [1/0] via 10.1.250.50
S 10.1.0.2/32 [1/0] via 10.1.230.2
S 10.1.0.3/32 [1/0] via 10.1.230.3
S 10.1.202.0/24 [1/0] via 10.1.250.200
S 10.1.222.0/24 [1/0] via 10.1.250.100
S 10.1.223.16/28 [1/0] via 10.1.250.200
S 10.1.252.0/22 [1/0] via 10.1.250.200
S 10.2.67.0/24 [1/0] via 10.254.254.2
S 10.3.0.0/16 [1/0] via 10.1.250.200
S 10.4.0.0/16 [1/0] via 10.1.250.200
S 10.5.0.0/16 [1/0] via 10.1.250.200
09-07-2023 02:07 PM - last edited on 09-08-2023 07:36 AM by Translator
Hello @aavnet89,
on drswitch you have a static route for prefix 10.5.0.0/16
drswitch1# sh ip route static
S 10.5.0.0/16 [1/0] via 10.2.250.100
This static route is preferred over the OSPF route for its lower AD 1 instead of 110.
As you have shown in your latest post the OSPF LSA type 5 is generated at HQ.
You can check at drswitch using:
show ip ospf database external 10.5.0.0
Hope to help
Giuseppe
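Added example (not part of Giuseppe's reply or anyone's post in this thread): a short Python check for the condition described above, where a local static route with AD 1 keeps an OSPF external route for the same prefix out of the routing table. The route lines are a subset copied from the two "sh ip route static" outputs in this thread; the function names are hypothetical, and HQ is assumed to be the ASBR because only its configuration shows "redistribute static metric-type 1".

```python
import ipaddress
import re

# Subset of the "sh ip route static" lines posted in this thread.
HQ_STATIC = """\
S* 0.0.0.0/0 [1/0] via 10.1.250.200
S 10.2.67.0/24 [1/0] via 10.254.254.2
S 10.3.0.0/16 [1/0] via 10.1.250.200
S 10.4.0.0/16 [1/0] via 10.1.250.200
S 10.5.0.0/16 [1/0] via 10.1.250.200
"""
DR_STATIC = """\
S* 0.0.0.0/0 [1/0] via 10.2.250.100
S 10.2.67.0/24 [1/0] via 10.2.5.60
S 10.3.0.0/16 [1/0] via 10.2.250.100
S 10.5.0.0/16 [1/0] via 10.2.250.100
S 10.10.10.0/24 [1/0] via 10.1.250.50
"""

# Matches "S 10.5.0.0/16 [1/0] via 10.2.250.100" and the "S*" default-route form.
ROUTE_RE = re.compile(r"^S\*?\s+(\S+/\d+)\s+\[(\d+)/\d+\]\s+via\s+(\S+)", re.M)
OSPF_AD = 110  # "Distance: (default is 110)" in the sh ip protocols output


def parse_static(text):
    """Return {prefix: (admin_distance, next_hop)} from 'sh ip route static' lines."""
    return {ipaddress.ip_network(p): (int(ad), nh)
            for p, ad, nh in ROUTE_RE.findall(text)}


def shadowed_externals(asbr_static, local_static, ospf_ad=OSPF_AD):
    """Prefixes the ASBR redistributes that a local static route keeps out of the RIB."""
    findings = []
    for prefix, (ad, next_hop) in sorted(local_static.items()):
        if prefix.prefixlen == 0:
            continue  # 'redistribute static' does not originate the default route
        if prefix in asbr_static and ad < ospf_ad:
            findings.append((str(prefix), next_hop, ad))
    return findings


if __name__ == "__main__":
    hq, dr = parse_static(HQ_STATIC), parse_static(DR_STATIC)
    for prefix, nh, ad in shadowed_externals(hq, dr):
        print(f"{prefix}: static via {nh} (AD {ad}) wins over OSPF E1 (AD {OSPF_AD})")
```

Each finding is a prefix to review, not automatically a fault: a local static may be intentional, but it explains why a type 5 LSA can be present in the OSPF database while the prefix is absent from "sh ip route ospf".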
09-08-2023 12:04 AM
Thank you Giuseppe, that was the issue, and is now working.
09-07-2023 09:27 AM - last edited on 09-08-2023 07:40 AM by Translator
Events: 17:00:16.541: Generate Changed Type-5 LSA, LSID 10.5.0.0, Seq# 80006008, Age 0
16:26:25.947: Generate Changed Type-5 LSA, LSID 10.5.0.0, Seq# 80006007, Age 0
15:52:41.501: Generate Changed Type-5 LSA, LSID 10.5.0.0, Seq# 80006006, Age 0
15:19:15.595: Generate Changed Type-5 LSA, LSID 10.5.0.0, Seq# 80006005, Age 0
14:45:42.316: Generate Changed Type-5 LSA, LSID 10.5.0.0, Seq# 80006004, Age 0
14:12:10.169: Generate Changed Type-5 LSA, LSID 10.5.0.0, Seq# 80006003, Age 0
Connectivity both sides is failing, stopping at the HQ gateway from the remote site, and from the DR gateway on the DR side. I'm starting to think if it is firewall at the DR site / next hop interface, but I should be able to present the 10.5.0.0/16 network over the P2P link.