Sunday, January 09, 2011

CCNA 640-802 Study Note Troubleshooting OSPF

Continue from our previous setup, we are now having some routing issue on our RouterA.

image

From RouterA, we tried to ping the TFTP server 10.1.1.1 but the ping test failed.

RouterA#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

So, first we make sure that the serial interfaces are in the up/up state.

RouterA#sh ip int s0/0/0
Serial0/0/0 is up, line protocol is up (connected)
  Internet address is 10.140.1.2/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500
  <Output cut>

RouterA#sh ip int s0/0/1
Serial0/0/1 is up, line protocol is up (connected)
  Internet address is 10.23.23.1/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500
<Output cut>

Okay, both serial interfaces are in the up/up state.  Now, let’s check the routing table.

RouterA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 3 subnets
C       10.2.2.0 is directly connected, FastEthernet0/0
C       10.23.23.0 is directly connected, Serial0/0/1
C       10.140.1.0 is directly connected, Serial0/0/0
     192.168.1.0/28 is subnetted, 1 subnets
C       192.168.1.64 is directly connected, Loopback0

Hmm…, all the OSPF route entries are missing.  Let’s check on the routing protocols on the router.

RouterA#sh ip protocols

Routing Protocol is "ospf 100"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 192.168.1.65
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    192.168.1.65 0.0.0.0 area 0
  Routing Information Sources: 
    Gateway         Distance      Last Update
  Distance: (default is 110)

Okay, the OSPF process 100 is still running but there is only 1 network configured for routing and that is on the loopback interface.

Let’s check on the OSPF statistics on the 2 serial interfaces and the Fast Ethernet interface. 

RouterA#sh ip ospf int s0/0/0
%OSPF: OSPF not enabled on Serial0/0/0

RouterA#sh ip ospf int s0/0/1
%OSPF: OSPF not enabled on Serial0/0/1

RouterA#sh ip ospf int f0/0
%OSPF: OSPF not enabled on FastEthernet0/0

Try checking the status of the OSPF neighbour using the sh ip ospf neighbor command and it returns nothing.

Okay, someone has removed the others 3 networks from the OSPF process.  Let’s quickly put them back.

RouterA(config)#router ospf 100
RouterA(config-router)#network 10.2.2.3 0.0.0.0 area 0
RouterA(config-router)#network 10.140.1.2 0.0.0.0 area 0
RouterA(config-router)#network 10.23.23.1 0.0.0.0 area 0

Let’s check the OSPF routing protocol again.

RouterA#sh ip protocols

Routing Protocol is "ospf 100"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 192.168.1.65
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    192.168.1.65 0.0.0.0 area 0
    10.2.2.3 0.0.0.0 area 0
    10.140.1.2 0.0.0.0 area 0
    10.23.23.1 0.0.0.0 area 0
  Routing Information Sources: 
    Gateway         Distance      Last Update
  Distance: (default is 110)

Good, the other 3 networks have added back.  We can also use the sh ip ospf int command to verify this.

Let’s retry the ping test again.

RouterA#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

What?  It still failed and if you check the routing table, there is no routing entries from the OSPF.

RouterA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 3 subnets
C       10.2.2.0 is directly connected, FastEthernet0/0
C       10.23.23.0 is directly connected, Serial0/0/1
C       10.140.1.0 is directly connected, Serial0/0/0
     192.168.1.0/28 is subnetted, 1 subnets
C       192.168.1.64 is directly connected, Loopback0

What’s going on now?  Should I wait longer but it shouldn’t take that long for such tiny network.  Okay, let’s turn on debugging for the OSPF process.

RouterA#debug ip ospf events
OSPF events debugging is on
RouterA#
00:50:14: OSPF: Rcv pkt from  10.140.1.1, Serial0/0/0 : Mismatch Authentication type. Input packet specified type 1, we use type 0

00:50:23: OSPF: Rcv pkt from  10.23.23.2, Serial0/0/1 : Mismatch Authentication type. Input packet specified type 1, we use type 0

Alright, there is a mismatch in authentication type.  RouterA is using type 0 (null or no authentication) but RouterB and CoreRouter are using type 1 (plaintext authentication).  If it shows type 2 then it is MD5.  Stop the debugging using the no debug all command.

no debug all
All possible debugging has been turned off

Remember that in the previous setup, we enabled plaintext authentication and use pass-word as our password.  Let’s us enable back the plaintext authentication with pass-word as the password on both the serial interfaces.

RouterA(config)#int s0/0/0
RouterA(config-if)#ip ospf authentication-key pass-word
RouterA(config-if)#ip ospf authentication
RouterA(config-if)#int s0/0/1
RouterA(config-if)#ip ospf authentication-key pass-word
RouterA(config-if)#ip ospf authentication

We shall check on the routing table again.

RouterA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 6 subnets
O       10.1.1.0 [110/1563] via 10.140.1.1, 00:01:13, Serial0/0/0
C       10.2.2.0 is directly connected, FastEthernet0/0
O       10.3.3.0 [110/1563] via 10.23.23.2, 00:00:53, Serial0/0/1
C       10.23.23.0 is directly connected, Serial0/0/1
C       10.140.1.0 is directly connected, Serial0/0/0
O       10.140.2.0 [110/3124] via 10.140.1.1, 00:01:13, Serial0/0/0
                   [110/3124] via 10.23.23.2, 00:00:53, Serial0/0/1
     172.16.0.0/32 is subnetted, 1 subnets
O       172.16.31.99 [110/1563] via 10.140.1.1, 00:01:13, Serial0/0/0
     192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.1.64/28 is directly connected, Loopback0
O       192.168.1.81/32 [110/1563] via 10.23.23.2, 00:00:53, Serial0/0/1

Oh great, our missing routing entries have come back.  Do the ping test again.

RouterA#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 33/56/63 ms

YEAH! RouterA is routing again!  Now the mystery has been solved, let’s call it a day.  Before that, remember to save your running configuration to the startup configuration!  See you again Smile

No comments: