10-02-2014 05:36 PM - edited 03-07-2019 08:57 PM
Hi,
I have a Cisco 3945E that I'm trying to set up OSPF on, and I'm running into a problem I can't get my head around.
I've configured an OSPF process as area 1 and given it the network of one of the interfaces that the 3945E has configured:-
router ospf 26
router-id xx.xx.xx.10
log-adjacency-changes detail
network xx.xx.xx.0 0.0.0.255 area 1
!
Enabling debugging of OSPF hello packets shows that the hello packet is being sent out of the interface:-
1624271: Oct 2 16:25:19.664 Pacific: OSPF: Send hello to 224.0.0.5 area 1 on GigabitEthernet0/2 from xx.xx.xx.10
However, this never seems to physically make it out of the interface. I've connected a machine directly to Gi0/2 on the 3945E and run Wireshark, and I do not see the Hello packets. However, if I ping 224.0.0.5 from the 3945E, those *do* show up, so it doesn't appear as though multicast traffic is being dropped.
The ACL applied to outbound traffic from the 3945E out of Gi0/2 allows all traffic from itself:-
ip access-list extended SELF-TO-IN-ACL
permit ip host xx.xx.xx.10 any
...and the hitcount increases every 10 seconds as the Hello packet is sent.
I turned on packet debugging and this is the output (with Hello debug message for reference):-
1624978: Oct 2 16:30:06.598 Pacific: OSPF: Send hello to 224.0.0.5 area 1 on GigabitEthernet0/2 from xx.xx.xx.10
1624979: Oct 2 16:30:06.598 Pacific: IP: s=xx.xx.xx.10 (local), d=224.0.0.5 (GigabitEthernet0/2), len 76, local feature, proto=89, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
1624980: Oct 2 16:30:06.598 Pacific: IP: s=xx.xx.xx.10 (local), d=224.0.0.5 (GigabitEthernet0/2), len 76, sending broad/multicast, proto=89
1624981: Oct 2 16:30:06.598 Pacific: IP: s=xx.xx.xx.10 (local), d=224.0.0.5 (GigabitEthernet0/2), len 76, output feature, proto=89, NAT Inside(7), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
1624982: Oct 2 16:30:06.598 Pacific: IP: s=xx.xx.xx.10 (local), d=224.0.0.5 (GigabitEthernet0/2), len 76, output feature, proto=89, Stateful Inspection(22), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
1624983: Oct 2 16:30:06.598 Pacific: IP: s=xx.xx.xx.10 (local), d=224.0.0.5 (GigabitEthernet0/2), len 76, output feature, proto=89, CCE Post NAT Classification(32), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
1624984: Oct 2 16:30:06.598 Pacific: pak 1C2487D0 consumed in output feature , packet consumed, Firewall (firewall component)(33), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
I'm at a loss as to where the OSPF Hello packets are going, since from what I can tell they should be getting sent out of Gi0/2.
Any help/pointers on where I should be looking next would be greatly appreciated...
Andy.
10-02-2014 08:13 PM
Hi,
In which state OSPF neighborship is stuck? Can you please share commands output from both sides
- show run | sec ospf
- show ip ospf nei
- show ip ospf interface <int>
- show ip ospf traffic
- When you ping to 224.0.0.5, do you get response from the other side.
May be router is sending hello but other side router is dropping it due to some hello parameter msimatch
Regards,
Akash
10-03-2014 10:22 AM
Hi Akash,
XXX#sh run | sec ospf
router ospf 26
router-id xx.xx.xx.10
log-adjacency-changes
network xx.xx.xx.0 0.0.0.255 area 1
permit ospf any any
access-list 199 permit ospf any any
XXX#sh ip ospf nei
XXX#sh ip ospf int Gi0/2
GigabitEthernet0/2 is up, line protocol is up
Internet Address xx.xx.xx.10/24, Area 0
Process ID 26, Router ID xx.xx.xx.10, Network Type BROADCAST, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) xx.xx.xx.10, Interface address xx.xx.xx.10
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:05
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
XXX#sh ip ospf traffic
OSPF statistics:
Last clearing of OSPF traffic counters never
Rcvd: 0 total, 0 checksum errors
0 hello, 0 database desc, 0 link state req
0 link state updates, 0 link state acks
Sent: 0 total
9024 hello, 0 database desc, 0 link state req
0 link state updates, 0 link state acks
OSPF Router with ID (xx.xx.xx.10) (Process ID 26)
OSPF queue statistics for process ID 26:
InputQ UpdateQ OutputQ
Limit 0 200 0
Drops 0 0 0
Max delay [msec] 0 0 0
Max size 0 0 1
Invalid 0 0 0
Hello 0 0 1
DB des 0 0 0
LS req 0 0 0
LS upd 0 0 0
LS ack 0 0 0
Current size 0 0 0
Invalid 0 0 0
Hello 0 0 0
DB des 0 0 0
LS req 0 0 0
LS upd 0 0 0
LS ack 0 0 0
Interface statistics:
Interface GigabitEthernet0/2
Last clearing of interface traffic counters never
OSPF packets received/sent
Type Packets Bytes
RX Invalid 0 0
RX Hello 0 0
RX DB des 0 0
RX LS req 0 0
RX LS upd 0 0
RX LS ack 0 0
RX Total 0 0
TX Failed 0 0
TX Hello 6086 462536
TX DB des 0 0
TX LS req 0 0
TX LS upd 0 0
TX LS ack 0 0
TX Total 6086 462536
OSPF header errors
Length 0, Auth Type 0, Checksum 0, Version 0,
Bad Source 0, No Virtual Link 0, Area Mismatch 0,
No Sham Link 0, Self Originated 0, Duplicate ID 0,
Hello 0, MTU Mismatch 0, Nbr Ignored 0,
LLS 0, Unknown Neighbor 0, Authentication 0,
TTL Check Fail 0
OSPF LSA errors
Type 0, Length 0, Data 0, Checksum 0
Summary traffic statistics for process ID 26:
OSPF packets received/sent
Type Packets Bytes
RX Invalid 0 0
RX Hello 0 0
RX DB des 0 0
RX LS req 0 0
RX LS upd 0 0
RX LS ack 0 0
RX Total 0 0
TX Failed 0 0
TX Hello 6086 462536
TX DB des 0 0
TX LS req 0 0
TX LS upd 0 0
TX LS ack 0 0
TX Total 6086 462536
OSPF header errors
Length 0, Auth Type 0, Checksum 0, Version 0,
Bad Source 0, No Virtual Link 0, Area Mismatch 0,
No Sham Link 0, Self Originated 0, Duplicate ID 0,
Hello 0, MTU Mismatch 0, Nbr Ignored 0,
LLS 0, Unknown Neighbor 0, Authentication 0,
TTL Check Fail 0
OSPF LSA errors
Type 0, Length 0, Data 0, Checksum 0
If I ping 224.0.0.5 I *don't* get a response.
Like I said in my original post, the Hello packet never physically leaves Gi0/2, and I have confirmed this by plugging a laptop into Gi0/2 directly and running Wireshark. I can also see Hello packets being sent from the other side (when I do a capture on the 3945E), but the 3945E doesn't appear to acknowledge that they even arrived.
Andy.
10-03-2014 10:33 AM
Additionally, if I set up a capture for all packets destined for 224.0.0.5, it never captures anything unless I ping 224.0.0.5. Yet the hit count on the access-list I set up for the capture increases as if the Hello packets are being sent.
It seems like they're disappearing somewhere between it processing them through the access-lists and actually leaving the interface.
Cheers,
Andy.
10-03-2014 09:20 PM
Hi Andy,
Router is sending hello and it is getting dropped on the interface. Can you please share "show runn int <int>" or better complete show run. If there is any access-list applied, can you please try removing it and then take wireshark capture.
Regards,
Akash
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide