OSPF issue?

Gucul
Member
Posts: 16
Joined: 12 Apr 2011 15:35

Post by Gucul » 29 Sep 2011 17:59

Hi Everyone,
I have this type of requirement: I need to create two independent networks, 10 and 20. They can't talk to each other, but network 30, which is located on the Control Center switch, has to talk to both of them. OSPF is part of the requirements. I tried different OSPF configurations, so far with no success. :(
From a network 30 workstation I can talk to the local switch but not to the neighbor switch.
I am also wondering whether there are other methods to achieve these requirements.
It has to be a two-ring topology.
I am going to upload the topology and the config of two switches.
Thanks a lot,

Gucul

one6f
Member
Posts: 366
Joined: 10 Mar 2009 09:58

Re: OSPF issue?

Post by one6f » 30 Sep 2011 04:46

Hi Gucul,
in your config I haven't found any connecting IP networks between the switches.

Post by Gucul » 30 Sep 2011 11:51

Hi one6f,
Thanks for the quick reply. I'm not sure you looked carefully. I can ping the neighbor switch from the Control Center (CC) switch; I just can't do it from a workstation on network 30. My IP connection between the switches is:

ip interface "vlan-15" address 10.10.250.14 mask 255.255.255.252 vlan 15 - this ip interface on neighbor
ip interface "vlan-14" address 10.10.250.13 mask 255.255.255.252 vlan 14 - this ip interface on Control Center
The same way for network 20.

Post by Gucul » 30 Sep 2011 12:58

To make this RING topology easier to understand, I added more info to the drawing.

Post by one6f » 01 Oct 2011 05:43

Hi Gucul,
"10.10.250.14 mask 255.255.255.252 vlan 15" and "10.10.250.13 mask 255.255.255.252 vlan 14"
confused me, but that does not matter if it works.
What do your routing tables look like for omni10.10.112.1 and omni10.10.100.1? Do you see a route to 10.30.112.0 on omni10.10.100.1?
Can you ping from 10.30.112.201 any IP interface on omni10.10.112.1 (including 10.10.250.13 and 10.20.250.13) and then 10.10.250.14 and 10.20.250.14 on omni10.10.100.1?
"vlan-30" is in area 0 and this area is only on the CC switch.
Normally OSPF is not used to block independent networks; in your case, all OSPF routing updates must traverse area 0. You can also try to put the communication VLANs in area 0 and then block vlan-10 and vlan-20 with ACLs.

Post by Gucul » 03 Oct 2011 15:30

Hi one6f,

1. These are my routing tables for omni10.10.112.1 and omni10.10.100.1:

omni10.10.112.1

Dest Address       Subnet Mask        Gateway Addr     Age       Protocol
------------------+-----------------+-----------------+---------+-----------
10.10.100.0        255.255.255.0      10.10.250.14     00:11:22  OSPF
10.10.104.0        255.255.255.0     +10.10.250.9      2d22h     OSPF
                                     +10.10.250.14     00:11:22  OSPF
10.10.108.0        255.255.255.0      10.10.250.9      2d22h     OSPF
10.10.112.0        255.255.255.0      10.10.112.1      2d22h     LOCAL
10.10.250.0        255.255.255.252    10.10.250.14     00:11:22  OSPF
10.10.250.4        255.255.255.252    10.10.250.9      2d22h     OSPF
10.10.250.8        255.255.255.252    10.10.250.10     2d22h     LOCAL
10.10.250.12       255.255.255.252    10.10.250.13     00:12:19  LOCAL
10.20.100.0        255.255.255.0      10.20.250.14     00:04:25  OSPF
10.20.104.0        255.255.255.0     +10.20.250.9      2d22h     OSPF
                                     +10.20.250.14     00:04:25  OSPF
10.20.108.0        255.255.255.0      10.20.250.9      2d22h     OSPF
10.20.112.0        255.255.255.0      10.20.112.1      2d22h     LOCAL
10.20.250.0        255.255.255.252    10.20.250.14     00:04:25  OSPF
10.20.250.4        255.255.255.252    10.20.250.9      2d22h     OSPF
10.20.250.8        255.255.255.252    10.20.250.10     2d22h     LOCAL
10.20.250.12       255.255.255.252    10.20.250.13     00:12:20  LOCAL
10.30.112.0        255.255.255.0      10.30.112.1      2d22h     LOCAL
127.0.0.1          255.255.255.255    127.0.0.1        2d22h     LOCAL

omni10.10.100.1

Dest Address       Subnet Mask        Gateway Addr     Age       Protocol
------------------+-----------------+-----------------+---------+-----------
10.10.100.0        255.255.255.0      10.10.100.1      00:08:38  LOCAL
10.10.104.0        255.255.255.0      10.10.250.2      00:07:45  OSPF
10.10.108.0        255.255.255.0     +10.10.250.2      00:07:45  OSPF
                                     +10.10.250.13     00:07:45  OSPF
10.10.112.0        255.255.255.0      10.10.250.13     00:07:45  OSPF
10.10.250.0        255.255.255.252    10.10.250.1      00:08:40  LOCAL
10.10.250.4        255.255.255.252    10.10.250.2      00:07:45  OSPF
10.10.250.8        255.255.255.252    10.10.250.13     00:07:45  OSPF
10.10.250.12       255.255.255.252    10.10.250.14     00:08:40  LOCAL
10.20.100.0        255.255.255.0      10.20.100.1      00:08:37  LOCAL
10.20.104.0        255.255.255.0      10.20.250.2      00:00:40  OSPF
10.20.108.0        255.255.255.0     +10.20.250.2      00:00:40  OSPF
                                     +10.20.250.13     00:00:40  OSPF
10.20.112.0        255.255.255.0      10.20.250.13     00:00:40  OSPF
10.20.250.0        255.255.255.252    10.20.250.1      00:08:39  LOCAL
10.20.250.4        255.255.255.252    10.20.250.2      00:00:40  OSPF
10.20.250.8        255.255.255.252    10.20.250.13     00:00:40  OSPF
10.20.250.12       255.255.255.252    10.20.250.14     00:08:39  LOCAL
127.0.0.1          255.255.255.255    127.0.0.1        00:09:55  LOCAL

I don't have a route to 10.30.112.1 on omni10.10.100.1 and I don't know how to push it. I tried different configs many times, and once OSPF created a default route on omni10.10.100.1. When the default route was created everything worked fine and I thought the problem was solved, but after the switch rebooted the default route disappeared again.

2. I can ping the following IPs from 10.30.112.201: 10.10.112.1, 10.20.112.1, 10.30.112.1, 10.10.250.13 and 10.20.250.13, but I can't ping 10.10.250.14 and 10.20.250.14 on omni10.10.100.1.

3. Correct. Vlan 30 is in area 0 and this is only on the CC switch.

4. I tried to put the communication VLANs in area 0 and it worked, but traffic was just going through one physical link, picking any gateway it wanted. I mean, when I did a traceroute I noticed that traffic from network 10, for example, could pick gateways from network 20 and then go back to network 10. Then I applied the ACL and did a traceroute. Now there was no communication, or sometimes I could get to the destination but the route wasn't traceable (* * *).

Post by one6f » 04 Oct 2011 04:18

Hi,
"I don't have a route to 10.30.112.1 on omni10.10.100.1 and I don't know how to push it."
This explains why it is not possible to ping the omni10.10.100.1 IP interfaces from your NB. But there is still the possibility of using a static route.
"3 Correct. Vlan 30 is in area 0 and this is only on CC switch."
OSPF must have a backbone area 0. Any other areas must connect to area 0. All traffic between areas must go through area 0.
But what speaks against putting all IP interfaces on all switches in area 0 (without areas 1 and 2)? This is the easiest way for OSPF.
You then have routing in all directions with equal-cost routes to the destination, and with ACLs you can separate vlan-10 from vlan-20.
"Then I applied ACL and did traceroute"
Can you please post your ACL?

Post by Gucul » 04 Oct 2011 16:58

Hi,

This is my ACL:

access-list 101 permit ip 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255
access-list 101 permit ip 10.30.0.0 0.0.255.255 10.10.0.0 0.0.255.255
access-list 101 permit ip 10.10.0.0 0.0.255.255 10.30.0.0 0.0.255.255
access-list 102 permit ip 10.20.0.0 0.0.255.255 10.20.0.0 0.0.255.255
access-list 102 permit ip 10.30.0.0 0.0.255.255 10.20.0.0 0.0.255.255
access-list 102 permit ip 10.20.0.0 0.0.255.255 10.30.0.0 0.0.255.255
!
interface Ethernet 1/1
ip access-group 101 In
ip access-group 101 Out
!
exit
!
interface Ethernet 1/2
ip access-group 101 In
ip access-group 101 Out
!
exit
!
interface Ethernet 1/3
ip access-group 101 In
ip access-group 101 Out
!
exit
!
interface Ethernet 1/4
ip access-group 101 In
ip access-group 101 Out
!
exit
!
interface Ethernet 1/5
ip access-group 101 In
ip access-group 101 Out
!
exit
!
interface Ethernet 1/6
ip access-group 101 In
ip access-group 101 Out
!
exit
!
interface Ethernet 1/7
ip access-group 101 In
ip access-group 101 Out
!
exit
!
interface Ethernet 1/8
ip access-group 101 In
ip access-group 101 Out
!
exit
!
interface Ethernet 1/9
ip access-group 102 In
ip access-group 102 Out
!
exit
!
interface Ethernet 1/10
ip access-group 102 In
ip access-group 102 Out
!
exit
!
interface Ethernet 1/11
ip access-group 102 In
ip access-group 102 Out
!
exit
!
interface Ethernet 1/12
ip access-group 102 In
ip access-group 102 Out
!
exit
!
interface Ethernet 1/13
ip access-group 102 In
ip access-group 102 Out
!
exit
!
interface Ethernet 1/14
ip access-group 102 In
ip access-group 102 Out
!
exit
!
interface Ethernet 1/15
ip access-group 102 In
ip access-group 102 Out
!
exit
!
interface Ethernet 1/16
ip access-group 102 In
ip access-group 102 Out
!
exit

This ACL is on all three switches except the CC switch. On the CC switch the ACL is applied just to the communication interfaces (1,2 for network 10 and 9/10 for network 20).

Post by one6f » 05 Oct 2011 08:51

Hi,
try the attached config. You don't need Avlan (it can be removed); it's simply there for test purposes, in order to keep the IP interfaces always up ;)
Only area 0 exists for routing purposes.
The ACLs (the same on all switches) block only traffic from vlan-10 to vlan-20 and from vlan-20 to vlan-10.
"They can't talk to each other but network 30 witch is located on Control Center switch have talk to both of them."
Any other traffic is allowed!
Please note there are only configs for omni10.10.100.1 and omni10.10.112.1 (the only ones you posted). You need to add all other IP networks for the vlan-10 and vlan-20 groups to the ACL!

PS: Regarding aclman, the destination port condition is only applied to bridged traffic; it is not applied to routed traffic!
I very rarely use this.
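
The two ACL approaches discussed in this thread (the posted permit-only list 101 and the deny-pair approach described in the reply above), evaluated side by side as an added example; it is not from the thread or from the attached config. It assumes Cisco-style first-match evaluation with an implicit deny at the end; list number 110, the hosts 10.10.100.5 and 10.20.100.5, and the function names are constructed for illustration.

```python
import ipaddress

# Posted ACL 101, copied from the thread (applied to the network-10 ports).
POSTED_101 = """\
access-list 101 permit ip 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255
access-list 101 permit ip 10.30.0.0 0.0.255.255 10.10.0.0 0.0.255.255
access-list 101 permit ip 10.10.0.0 0.0.255.255 10.30.0.0 0.0.255.255
"""

# Constructed from the description in the reply (not the attached config):
# deny 10 <-> 20, permit everything else. List number 110 is hypothetical.
DENY_PAIR_110 = """\
access-list 110 deny ip 10.10.0.0 0.0.255.255 10.20.0.0 0.0.255.255
access-list 110 deny ip 10.20.0.0 0.0.255.255 10.10.0.0 0.0.255.255
access-list 110 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""

def parse(text):
    """Return [(action, src_base, src_wild, dst_base, dst_wild)] with ints."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] != "access-list" or f[3] != "ip":
            continue  # ignore anything that is not an 'ip' entry
        rules.append((f[2], *(int(ipaddress.IPv4Address(x)) for x in f[4:8])))
    return rules

def wild_match(addr, base, wild):
    """Wildcard mask: bits set in 'wild' are ignored, the rest must be equal."""
    return (addr ^ base) & ~wild & 0xFFFFFFFF == 0

def evaluate(rules, src, dst):
    """First match wins; no match falls through to an implicit deny (assumed)."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for action, sb, sw, db, dw in rules:
        if wild_match(s, sb, sw) and wild_match(d, db, dw):
            return action
    return "deny"

FLOWS = [  # constructed test flows using subnets from the thread
    ("10.30.112.201", "10.10.250.14"),  # CC workstation -> ring-10 switch
    ("10.10.100.5", "10.20.100.5"),     # network 10 -> network 20
    ("10.10.250.14", "224.0.0.5"),      # OSPF hello to AllSPFRouters
]

if __name__ == "__main__":
    for name, text in (("posted 101", POSTED_101), ("deny-pair 110", DENY_PAIR_110)):
        for src, dst in FLOWS:
            print(f"{name:14} {src:15} -> {dst:15} {evaluate(parse(text), src, dst)}")
```

Under these assumptions list 101 drops the OSPF hello to 224.0.0.5, because no permit entry covers the multicast destination, while the deny-pair list lets it through and still blocks network 10 from network 20.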

Post by Gucul » 05 Oct 2011 11:12

Hi,
I'll try this config and let you know whether it works.
Thanks a lot!
