扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
作者:zdnet安全频道 来源:论坛整理 2008年11月17日
关键字: CISCO
(1)接口上没有激活ospf
就是在network语句的时候没有匹配清楚,比如配置了错误的反掩码不对,在show ip ospf interface的时候不会显示你希望激活的接口。使用show ip ospf interface来验证。
这时候的邻居表是空的
>R2#show ip ospf neighbor
R2#
(2)物理层或者是数据链路层协议down.
使用show ip int brief 或者是 show int type nomber会导致ospf packet 封装失败。
(3)建立邻居的接口被passive掉
R2#show ip ospf interface Ethernet 0
Ethernet0 is up, line protocol is up
Internet Address 131.108.1.2/24, Area 0
Process ID 1, Router ID 131.108.1.2, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 131.108.1.2, Interface address 131.108.1.2
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
No Hellos (Passive interface)
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
(4)OSPF的hello组播地址被ACL Block
R1#
interface Ethernet0
ip address 131.108.1.1 255.255.255.0
ip access-group 100 in
!
access-list 100 permit tcp any any
access-list 100 permit udp any any
access-list 101 permit ip 131.108.1.0 0.0.0.255 host 224.0.0.5
R2#
interface Ethernet0
ip address 131.108.1.2 255.255.255.0
ip access-group 100 in
!
access-list 100 permit tcp any any
access-list 100 permit udp any any
access-list 101 permit ip 131.108.1.0 0.0.0.255 host 224.0.0.5
R2#debug ip packet 101 detail
IP packet debugging is on (detailed) for access list 101
IP: s=131.108.1.2 (Ethernet0), d=224.0.0.5, len 68, access denied, proto=89
这时候的邻居关系是INIT
R2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
131.108.2.1 1 INIT/- 00:00:33 131.108.1.1 Ethernet0
R1#show access-list 101
Extended IP access list 101
permit ip 131.108.1.0 0.0.0.3 host 224.0.0.5 (8 matches)
R1#debug ip packet 101 detail
IP packet debugging is on (detailed) for access list 101
R1#
IP: s=131.108.1.1 (local), d=224.0.0.5 (Ethernet0), len 60, sending broad/multicast,
proto
=89
IP: s=131.108.1.2 (Ethernet0), d=224.0.0.5, len 82, access denied, proto=89
IP: s=131.108.1.1 (local), d=224.0.0.5 (Ethernet0), len 60, sending broad/multicast,
proto
=89
IP: s=131.108.1.2 (Ethernet0), d=224.0.0.5, len 82,access denied, proto=89
(5)在broadcast链路上的子网掩码不匹配
(6)Hello/dead 间隔不匹配
(7)认证方式或者是认证密码不匹配
使用debug ip ospf adj 来查看,可以自己使用不同的情况来验证
(8)两台路由器处于不同的AREA
R1#debug ip ospf adj
OSPF adjacency events debugging is on
R1#
OSPF: Rcv pkt from 131.108.1.2, Ethernet0, area 0.0.0.0
mismatch area 0.0.0.1 in the header
R2#show log
%OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 131.108.1.1, Ethernet0
(9)Stub/transit/NSSA 区域类型不匹配
这个是常常不小心会被忘记的。
R1#debug ip ospf adj
OSPF adjacency events debugging is on
R1#
OSPF: Rcv hello from 131.108.0.1 area 1 from Ethernet0 131.108.1.2
OSPF: Hello from 131.108.1.2 with mismatched Stub/Transit area option bit
R1#debug ip ospf adj
OSPF adjacency events debugging is on
R1#
OSPF: Rcv hello from 131.108.0.1 area 1 from Ethernet0 131.108.1.2
OSPF: Hello from 131.108.1.2 with mismatched NSSA option bit
(10)使用secondary IP来建立OSPF adjacencyR2#
interface FastEthernet0/0
ip address 131.108.1.2 255.255.255.0 secondary
ip address 131.108.4.2 255.255.255.0
R1#
interface Ethernet0
ip address 131.108.1.1 255.255.255.0
R2#debug ip ospf adj
OSPF adjacency events debugging is on
R2#
OSPF: Rcv pkt from 131.108.1.1, FastEthernet0/0, area 0.0.0.1 : src not on the same network
(11)OSPF网络类型不匹配(P-TO-P 和P-TO-M网络类型在hello时间间隔相同的情况下可以建立full关系,但是会缺少一条路由可以做一下相关使用验证
(12)NBMA (Frame Relay, X.25, SMDS, and so on)网络类型上没有手动指定neighbor ip 地址 邻居一直都是ATTEMPT状态
(13)在Router 两边的frame-relay map/dialer map语句声明中缺少了broadcast参数
(14)接口两边的MTU 不匹配
在cisco ios 12.0.3中加入了对mtu的检测,而低于这个版本的ios会忽略mtu检测,需要查看router 的ios version,debug ip ospf adj的结果是发现有大量的dbd重传,出现loading的原因就是一边的router需要对mtu进行检测,而一边忽略。
R2#debug ip ospf adj
OSPF adjacency events debugging is on
R2#
OSPF: Retransmitting request to 131.108.2.1 on Serial0
OSPF: Database request to 131.108.2.1
OSPF: sent LS REQ packet to 131.108.1.1, length 12
OSPF: Retransmitting request to 131.108.2.1 on Serial0
解决方法是接口命令:mtu 4470
而不是:ip mtu 4470
这时候的状态是 loading 。
R2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
131.108.2.1 1 LOADING/- 00:00:37 131.108.1.1 Serial0
还有一种mtu不匹配的情况是邻居关系是EXSTART,因为两边的mtu都需要检测,而mtu大小又不匹配.
R2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
131.108.2.1 1 EXSTART/- 00:00:33 131.108.1.1 Serial0
R1#debug ip ospf adj
OSPF: Retransmitting DBD to 131.108.1.2 on Serial0.1
OSPF: Send DBD to 131.108.1.2 on Serial0.1 seq 0x1E55 opt 0x2 flag 0x7 len 32
OSPF: Rcv DBD from 131.108.1.2 on Serial0.1 seq 0x22AB opt 0x2 flag 0x7 len 32 mtu 1500
state EXSTART
OSPF: Nbr 131.108.1.2 has larger interface MTU
(15)在broadcast网络上需要选举dr,而这时候两边的优先级又都是0
(16)在Asynchronous Interfaces上的OSPF邻居关系
R1#
interface Async1
description ASYNC LINE TO R2
ip address 131.108.1.1 255.255.255.0
encapsulation ppp
async mode dedicated
dialer in-band
dialer map ip 131.108.1.2 name Router2 broadcast
dialer-group 1
ppp authentication chap
R2#
interface Async1
description ASYNC LINE TO R1
ip address 131.108.1.2 255.255.255.0
encapsulation ppp
async mode dedicated
dialer in-band
dialer map ip 131.108.1.1 name Router2 broadcast
dialer-group 1
ppp authentication chap
解决方法是在两个使用async default routing 或者asyn dynamic routing 接口命令
(15)两个路由器的Router id相同,ospf的master和slave关系不能确定
R2#debug ip ospf adj
OSPF: Retransmitting DBD to 131.108.2.1 on Serial0
OSPF: Send DBD to 131.108.2.1 on Serial0 seq 0x793 opt 0x2 flag 0x7 len 32
OSPF: Rcv DBD from 131.108.2.1 on Serial0 seq 0x25F7 opt 0x2 flag 0x7 len 32 mtu 0 state
EXSTART
OSPF: First DBD and we are not SLAVE
(16)因为router接口的物理问题而导致的 ospf packet checksum错误,接着就重传的问题。
R2#show log
%OSPF-4-ERRRCV: Received invalid packet: Bad Checksum from 131.108.1.1, Serial0
%OSPF-4-ERRRCV: Received invalid packet: Bad Checksum from 131.108.1.1, Serial0
R2#debug ip ospf adj
OSPF adjacency events debugging is on
R2#
OSPF: Retransmitting request to 131.108.2.1 on Serial0
OSPF: Database request to 131.108.2.1
OSPF: sent LS REQ packet to 131.108.1.1, length 12
OSPF: Retransmitting request to 131.108.2.1 on Serial0
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。
京公网安备 11010802021500号