Tshoot 300-135 (Routing OSPF)

Leave a Comment / By /

Ticket #8

R1 has no OPSF adjacency with R5 or R7
Diagnose and resolve

#### Check the reported issues
R1#show ip ospf neighbor

#### Check if OSPF is running on the int facing neighbor
R1#show ip ospf interface

#### Check if there is layer 2 problem
R1#show arp

#### Check the SW and and the port's Operational Mode
SW#show int gi1/0/18 switchport
#### Debug and check the log
R1#clear logging
R1#debug ip ospf events
R1#show logging
R1#undebug all
##### Check OSPF database
R1#show ip ospf database

#### stop too much console logging
R1(config)#no logging console

#### Study carefully the OSPF interface
R1#show ip ospf interface
POINT_TO_POINT does not participate in DR/BDR election process
#### Fix the Network Type POINT_TO_POINT
#### Make it Broadcast
R1(config)#int g0/0
R1(config-if)#ip ospf network broadcast

#### Verify the fix
R1#show ip ospf interface g0/0

Ticket #9

Your predecessor attempted to make the network more secure but did not complete the task and resigned.
Now R4 is not forming OSPF adjacencies with R1, R5 or R7. Diagnose and resolve.

R4#show ip ospf interface
#### Discovered that R4 is using sub-interface to SW
R4#show ip int br

#### Check the SW port connected to R4
R4#show cdp neighbors gi0/0
SW#show run int Gi0/2
SW#show int Gi0/2 switchport

#### Discovered that Native vlan for SW is 1457
SW#show int trunk

#### Change Native vlan to 1
SW(config)#int Gi0/2
SW(config-if)#switchport trunk native vlan 1 ?

#### Verify Native vlan 
SW#show int Gi0/2 switchport
#### Now able to ping so Layer 2 issue is eliminated
#### Still no OSPF adjacency 
#### Check if OSPF has any authentication
R4#show ip ospf 1
R4#show ip ospf int gi0/0.1457
R4#show run int gi0/0.1457

#### Remove authentication on this interface
R4(config)#int gi0/0.1457
R4(config-if)#no ip ospf authentication message-digest

#### Check if OSPF process is using any authentication
R4#show ip ospf int
R4#show run | sec router ospf 1

#### Remove authentication from OSPF process
R4(config)#router ospf 1
R4(config-router)#no area 0 authentication message-digest

#### Discovered still no OSPF adjacency 
R4#show ip ospf neighbor

#### Dive Deeper
R4#show ip ospf interface
This is Passive interface
##### Remove Passive interface from OSPF process 1
R4(config)#router ospf 1
R4(config-router)#no passive-interface g0/0.1457

#### Verify and confirm that OSPF adjacency is formed 
R4#show ip ospf neighbor

Ticket #10

R8 & R9 are not forming an OSPF adjacency.
Diagnose and resolve

##### Determine the angle of attack. No issue on Layer 2
R8#ping 89.89.89.9

#### Verify current setting
R8#show ip protocols
R8#show ip ospf interface
R8#show ip ospf interface g0/x

#### Discovered that OSPF authentication is enabled
R8#show ip ospf interface
R8#show run int g0/0
#### Check the authentication on the neighbor
R9#show ip ospf interface
Neighbor R9 is having authentication problem
#### Compare the authentication with the neighbor
R8#show run int g0/x
R9#show run int g0/x
#### Give password authentication (on Interface level)
R9(config)#int g0/0
R9(config-if)#ip ospf authentication message-digest
R9(config-if)#ip ospf message-digest-key 1 md5 mykey

#### Enable authentication for OSPF process 89
R9(config)#router ospf 89
R9(config-router)#area 89 authentication message-digest
#### Additional debug
R9#debug ip ospf hello
R9#clear logging
R9#undebug all
R9#show logging
##### Able to verify the type of area
R9#show ip protocols
#### Neighbor R8 is not on stub area
R8#show ip protocols
#### Put Area 89 to be stub (Totally Stub)
R8(config)#router ospf 1
R8(config-router)#area 89 stub no-summary
#### Verify that Totally Stubby is working correctly
R9#show ip ospf database
Single Type 3 LSA confirms that it’s totally stubby
#### Confirm the Gateway of last resort and Inter Area (O*IA)
R9#show ip route
Confirmed that only 1 O*IA route (OSPF inter area)

Ticket #11

R1 has no OSPF routes in its IP routing table.
Diagnose and resolve.

Do not make any changes under the OSPF routing process configuration on R1

#### Verify current setting
R1#show ip route ospf
R1#show ip route 5.5.5.5
R1#show ip ospf database
R1#show ip ospf database router 5.5.5.5
R1#show ip protocols
#### Discovered there is route-map
R1#show ip protocols
R1#show ip protocols | b ospf 1
There is route-map for Incoming
#### Investigate the route-map
R1#show route-map RM-NONE
Deny with Match clause prefix-list
#### Investigate the prefix-list
R1#show ip prefix-list
#### Discovered that R1 has distribute-list denying 
R1#show run | sec router ospf
Denied by Route-map
#### Remove the route-map sequence 10
R1(config)#no route-map RM-NONE 10
#### Verify removal
R1#show route-map
R1#show route-map RM-NONE

Ticket #12

R6’s loopback 0 interface is in OSPF area 1 and has an IP address of 6.6.6.6/32

This prefix is missing from OSPF routers R5, R7, R8.
Your colleague reports that a type-3 LSA for this prefix sometimes show up in the LSDB and sometimes does not. Diagnose and resolve

#### Check if loopback is configured correctly
R6#show ip route 6.6.6.6
R6#show ip ospf interface
R6#show ip ospf interface loopback 0
#### Discovered that R6 is using duplicated RID 7.7.7.7
R6#show ip ospf database summary 6.6.6.6
Remove the duplicate RID and give a unique router-id
#### Change RID for R6
R6(config)#router ospf 56
R6(config-router)#router-id 6.6.6.6
#### Clear and reload OSPF
R6#clear ip ospf process

Ticket #13

R1 & R4 are performing mutual redistribution between EIGRP AS 1234 and OSPF area 0.

A former colleague configured a route-map named RM-OSPF->EIGRP to prevent the 1.80.0.0/13 prefix from being redistributed into EIGRP on R1 but R1 is still redistributing the prefix.

Resolve the configuration error to ensure that R1 does not redistribute the 1.80.0.0/13 OSPF prefix into EIGRP. Do not filter any other prefixes

#### Study the existing route-map or prefix-list
R1#show route-map
R1#show ip prefix-list
Route-map & Prefix-list are configured correctly as per the requirement
#### Investigate further 
R1#show ip route 1.80.0.0
#### Discovered referencing the wrong route-map
By right it should reference route-map RM-OSPF->EIGRP not EIGR 
#### Check the wrong route-map if it's operational
R1#show route-map RM-OSPF-EIGR
R1#show run | sec router eigrp 1234
#### Configure the correct route-map
R1(config)#router eigrp 1234
R1(config-router)#redistribute ospf 1 route-map RM-OSPF->EIGRP

Ticket #14

R1, R3 and R4 can’t ping R2’s 2.2.2.2 loopback address from their respective loopback 0 interfaces.

Use a minimal configuration to diagnose and resolve 

#### Check and verify the problem on R1
R1#ping 2.2.2.2 source loopback 0
R1#show ip route 2.2.2.2
#### Check and verify the problem on R4
R4#ping 2.2.2.2 source loopback 0
R4#show ip route 2.2.2.2
#### Check and verify the problem on R3
R3#ping 2.2.2.2 source loopback 0
R3#show ip route 2.2.2.2
R3#traceroute 2.2.2.2 source loopback 0
R3#traceroute 2.2.2.2 source loopback 0 probe 1
#### Discovered that there is routing loop
#### Investigate who is distributing 2.2.2.2
R3#show ip eigrp topology 2.2.2.2/32
show ip eigrp topology 2.2.2.2/32
Originating router is 4.4.4.4
#### Discovered that Originating router is 4.4.4.4
R4#show ip eigrp topology 2.2.2.2/32
External protocol is Connected.
R2 is redistributing its own loopback as an External EIGRP route
#### Investigate the source router R2
R2#show run | sec router
Confirmed R2 is redistributing its own loopback.
IOS considers loopback as connected interfaces
#### Advertise loopback network normally
R2(config)#router eigrp 1234
R2(config-router)#network 2.2.2.2 0.0.0.0
#### Test the fix
R1#ping 2.2.2.2 source loopback 0
R3#ping 2.2.2.2 source loopback 0
R4#ping 2.2.2.2 source loopback 0
R1#traceroute 2.2.2.2

Ticket #15

R2 always takes the path through R4 to reach R9’s loopback 9.9.9.9

Ensure that traffic from R2 to R9’s loopback is load-balanced across R1 & R4.
Do not reconfigure any redistribution commands.

#### Check existing path
R2#show ip route 9.9.9.9
R2#traceroute 9.9.9.9
R2#traceroute 9.9.9.9 probe 1
R2#show ip eigrp topology 9.9.9.9/32
AD of R1 is equal to FD of R4 so unequal cost load balancing is not possible
#### Discovered that AD of R1 is equal to FD of R4
#### Alternative way is to force equal cost load balancing
#### Implement equal cost load balancing by making metric value same
R2#show int gix/4
#### Increase the delay (DLY) to 20 usec on the interface facing R4
R2(config)#int gix/4
R2(config-if)#delay 2
#### Confirm the change (increase from 10 to 20 usec)
R2#show int gix/4
#### Confirm the change on the EIGRP topology and routing table
R2#show ip eigrp topology 9.9.9.9/32
Finally AD is less than FD
#### Confirm the change on routing table
R2#show ip route 9.9.9.9
#### Final confirmation on CEF
R2#show ip cef 9.9.9.9

Ticket #16

None of the OSPF routers except R1 and R4 can ping R3’s loopback address 3.3.3.3/32. Ensure that all routers can reach this prefix

Do not modify or add any route maps or prefix lists.
Do not use the redistribute command 

#### Check and verify the problem
R7#ping 3.3.3.3 repeat 2
R7#show ip route 3.3.3.3
R7#show ip ospf database | i 3.3.3.3
#### Check and verify current config
R1#ping 3.3.3.3
R1#show ip route 3.3.3.3
R1#show ip route 2.2.2.2
#### Able to confirm that R1 & R4 are not redistributing 3.3.3.3
R1#show ip ospf database | b Type-5
R1#show ip ospf database | i 3.3.3.3

#### Can't find Type-5 in R4's LSDB for 3.3.3.3
R4#show ip ospf database | b Type-5
R4#show ip ospf database | i 3.3.3.3
#### Check R4 configuration
R4#show run | sec router ospf
R4#show route-map RM-EIGRP->OSPF
R4#show ip prefix-list PL-BLOCK
#### There is constrain. We are not allowed to touch redistribution
#### Implement default route 
R1(config)#router ospf 1
R1(config-router)#default-information originate always metric-type 1
Check the Gateway of last resort for all routers in the same OSPF area 0
#### Test and verify
R7#show ip route 0.0.0.0
R7#ping 3.3.3.3
R7#traceroute 3.3.3.3

#### Test and confirm with rest of the routers on OSPF
R5#ping 3.3.3.3
R6#ping 3.3.3.3
R7#ping 3.3.3.3
R8#ping 3.3.3.3
R9#ping 3.3.3.3

Leave a Comment

Your email address will not be published. Required fields are marked *