Some Questions on OSPF 5

[Tony414]

Hello,
I am going to implement OSPF on our network. Not a big network, a total of only 5 1700 routers. Can anywone give me some common mistakes that people might make when implementing it? If there is evey any. Can someone give me a quick example? Lets just say I have 2 routers. Router A and Router B. One thing I'm not sure of is the area setting. Thanks in advance for the help.

Tony

 

[burtsbees]

Is this a lab project, or a production environment?

Burt

 

[Tony414]

It's a production environment. I have a cisco simulator I was going to try it out on.

 

[burtsbees]

Why OSPF with only 5 routers? Are there other sites? OSPF is usually implemented in large environments with over 50 routers...

Burt

 

[Tony414]

Ok. I guess I just learn something then I'm a little concerned about something I found when doing a little testing. Lets say I have 3 networks 10.111.X.X, 10.81.X.X, 10.0.0.X. If I use the ping command from the router and try a ping from 10.111 > 10.0 it doesn't work. But if I ping from a server on the 10.111 network > 10.0 network it works. So I'm a little stumped. When I'm at work on Monday I can post some router configs if that would help you, in order to help me. Thanks again..

Tony

 

[burtsbees]

Sounds like you don't have a return route for the pings to return...

Burt

 

[Tony414]

Hello! Here are the router configs. All routers are 1700. I only posted 3 routers. The other two routers are the same (connected) like the ParkRec (10.111.0.1) router. Any help is appreciated. Thanks!

-------------------------------------------------------
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname TownHall
!
boot system flash flash:c1700-y-mz.123-1a.bin
enable password 7 14051D1E180138663020626771
!
ip subnet-zero
!
!
no ip domain lookup
!
!
interface FastEthernet0
description connected to TownHall LAN
ip address 10.81.0.1 255.255.0.0
speed 100
full-duplex
!
interface Serial0
description connected to HighSchool
ip address 172.16.51.1 255.255.255.252
no ip unreachables
encapsulation ppp
ip route-cache flow
service-module t1 clock source internal
service-module t1 remote-alarm-enable
service-module t1 fdl ansi
!
interface Serial1
description connected to PoliceDept
ip address 172.16.51.5 255.255.255.252
encapsulation ppp
ip route-cache flow
service-module t1 clock source internal
service-module t1 remote-alarm-enable
service-module t1 fdl ansi
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.51.2 permanent
ip route 10.91.0.0 255.255.0.0 172.16.51.6 permanent
ip route 10.101.0.0 255.255.0.0 10.81.0.5 permanent
ip route 10.111.0.0 255.255.0.0 10.81.0.5 permanent
ip route 10.121.0.0 255.255.0.0 10.81.0.6 permanent
ip http server
!
snmp-server community router-public123 RO
snmp-server community router-guilford123 RW
snmp-server location 2nd Floor Phone Closet
snmp-server contact Tony Santarcangelo,203-453-8466,santat@ci.guilford.ct.us
no snmp-server enable traps tty
banner motd ^CUnauthorized use or access will be prosecuted to the fullest exten
t of the law!

WELCOME TO THE TOWNHALL ROUTER!^C
!
line con 0
exec-timeout 0 0
password 7 0958411E170D161E075D5679
login
line aux 0
line vty 0 2
password 7 131118050504052627757A60
login
line vty 3 4
login
!
no scheduler allocate
!
end

------------------------------------------------------
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname TownHall2
!
boot system flash flash:c1700-y-mz.123-1a.bin
enable password 7 044904131B245E031D1157464058
!
ip subnet-zero
ip rcmd rsh-
ip rcmd remote-host tony414 10.81.0.16 tony414 enable
!
!
no ip domain lookup
!
!
!
!
!
interface FastEthernet0
description connected to TownHall LAN
ip address 10.81.0.5 255.255.0.0
speed 100
full-duplex
!
interface Serial0
description connected to PublicWorks
ip address 172.16.51.9 255.255.255.252
encapsulation ppp
no fair-queue
service-module t1 clock source internal
service-module t1 remote-alarm-enable
service-module t1 fdl ansi
!
interface Serial1
description connected to ParkRec
ip address 172.16.51.
encapsulation ppp
service-module t1 clock source internal
service-module t1 remote-alarm-enable
service-module t1 fdl ansi
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.81.0.1 permanent
ip route 10.101.0.0 255.255.0.0 172.16.51.10 permanent
ip route 10.111.0.0 255.255.0.0 172.16.51.14 permanent
ip http server
!
snmp-server community router-public123 RO
snmp-server community router-guilford123 RW
snmp-server location 31 Park St. 2nd Floor Closet
snmp-server contact Tony Santarcangelo,203-453-8466,santat@ci.guilford.ct.us
snmp-server enable traps tty
banner motd ^CUnauthorized use or access will be prosecuted to the fullest exten
t of the law!

WELCOME TO THE TOWNHALL ROUTER 2 !
^C
!
line con 0
exec-timeout 0 0
password 7 01070913550307032D1E1F5B4A
login
line aux 0
line vty 0 4
password 7 02120B4C050E0E2D401C584B56
login
!
!
end

--------------------------------------------------------
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ParkRec
!
boot system flash flash:c1700-y-mz.123-1a.bin
enable password 7 06140034584B1B54150543595F
!
ip subnet-zero
no ip rcmd domain-lookup
!
!
!
!
!
!
!
interface FastEthernet0
description connected to ParkRec LAN
ip address 10.111.0.1 255.255.0.0
speed auto
!
interface Serial0
description connected to TownHall2
ip address 172.16.51.14 255.255.255.252
encapsulation ppp
service-module t1 remote-alarm-enable
service-module t1 fdl ansi
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.51.13 permanent
ip route 10.81.0.0 255.255.0.0 172.16.51.13 permanent
ip http server
!
snmp-server community router-public123 RO
snmp-server community router-guilford123 RW
snmp-server location Phone Room
snmp-server contact Tony Santarcangelo,453-8466,santat@ci.guilford.ct.us
snmp-server enable traps tty
banner motd ^C
WELCOME TO THE PARKREC ROUTER!^C
!
line con 0
exec-timeout 0 0
password 7 0314495A545C
login
line aux 0
line vty 0 4
password 7 051B145E731F
login
!
no scheduler allocate
!
end

-----------------------------------------------------
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname HighSchool
!
enable password 7 06140034584B1B540D0443595F
!
ip subnet-zero
ip rcmd rsh-enable
ip rcmd remote-host tony414 10.81.0.16 tony414
no ip domain-lookup
!
!
!
!
interface FastEthernet0
description connected to HighSchool LAN
ip address 10.0.0.20 255.255.255.0
speed auto
!
interface Serial0
description connected to TownHall
ip address 172.16.51.2 255.255.255.252
encapsulation ppp
service-module t1 clock source internal
service-module t1 remote-alarm-enable
service-module t1 fdl ansi
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 10.81.0.0 255.255.0.0 172.16.51.1 permanent
ip route 10.91.0.0 255.255.0.0 172.16.51.1 permanent
ip route 10.101.0.0 255.255.0.0 172.16.51.1 permanent
ip route 10.111.0.0 255.255.0.0 172.16.51.1 permanent
ip route 10.121.0.0 255.255.0.0 172.16.51.1 permanent
ip http server
!
!
snmp-server community router-guilford123 RW
snmp-server community router-public123 RO
snmp-server contact Bruce Scranton,203-453-2741 X226,scrantonb@guilford.k12.ct.u
s
banner motd ^CUnauthorized use or access will be prosecuted to the fullest exten
t of the law!

WELCOME TO THE HIGHSCHOOL-TOWNHALL ROUTER!
^C
!
line con 0
exec-timeout 0 0
password 7 05030F08295F4D01160A1B43595F
login
line aux 0
line vty 0 2
password 7 011B0F03531805072E4342584B56
login
line vty 3 4
login
!
end

---------------------------------------------------------

 

[Tony414]

What's throwing me for a loop is why can I ping from a client machine or server and it works?

 

[jneiberger]

I'm curious about a few things. If you only have five routers and a handful of LAN subnets, why do you have a 10/8 and 172.16/20 addresses? And why do you have different subnet lengths within the 10/8 address space? Your High School LAN has a /24 mask but the rest of your 10/8 LANs use a /16 mask. That will just make it easier for someone to mistype a subnet mask somewhere, which could cause reachability issues.

If I were you, I'd first make sure that all devices had the right subnet mask and default gateway configured. Then I'd turn on EIGRP or RIPv2 and remove the static routes once I was sure that dynamic routing was working properly.

 

[Tony414]

First off. I'm not a cisco pro so with that being said I will do my best to relay the info. So you're saying that the serial ip's (172.16) should have the same mask as the 10 network? I'm not that great with IP addressing schemes. That's probably why I'm having issues Now the default gateway on the router would be set to what? Do I have that set correctly? Thanks!

 

[jneiberger]

I was just wondering about the lack of consistency in your addressing scheme. That, by itself, isn't going to cause direct problems, but it would be a lot nicer if you use a consistent scheme.

The router doesn't have a default gateway, exactly. You have default routing configured on your routers, which is a similar idea.

 

[Tony414]

Would it be better to have a default gateway instead of the default route? And how would the gateway be set?

 

[jneiberger]

Don't worry about setting a default gateway on the router. That's not what you think it is. There is a command, "ip default-gateway", on the router but it isn't what you expect it to be and is inapplicable here.

 

[Tony414]

Ok. Let me give a little better example. I have 2 routers at my location 10.81.0.1 and 10.81.0.5. All traffic to the internet goes out the serial of 10.81.0.1 which is tied to another router 10.0.0.20. The 2 10.81 router are on the same LAN but seperate routers. Then there is the ParkRec router which is 10.111.0.1. The 10.111.0.1 router is connected to 10.81.0.5 through a T1 point-point. Here is some ping testing I did.

10.81.0.1 > 10.0.0.20 WORKS
10.0.0.20 > 10.81.0.1 WORKS
10.0.0.20 > 10.111.0.1 WORKS
10.111.0.1 > 10.81.0.1 DOESN'T WORK
10.111.0.1 > 10.81.0.5 WORKS

 

[jneiberger]

How are you doing this ping tests? Are you using extended pings in order to specify the source address? In other words, how are you pinging from 10.111.0.1, for example? Are you actually pinging from that router using extended pings, or do you actually mean to say that you're ping from a device on that LAN?

 

[Tony414]

I am pinging from the router:
From 10.111.0.1
"Ping 10.0.0.20

 

[jneiberger]

If that's the case then you're not actually pinging FROM 10.111.0.1. When pinging from a router, the source IP address is the interface that the packet leaves on. In this case, the source IP address would be the WAN IP address, not the LAN IP address. That's a very important distinction to make.

Looking at these configs, I don't see why the ParkRec router cannot ping the LAN interface of the TownHall router. Go to the TownHall2 router and type "show arp". See if you have an entry for 10.18.0.1. Also, see if you can ping TownHall from TownHall2.

 

[Tony414]

Hello,
Yes I do see an entry for 10.81.0.1 when doing a "show arp" from the townhall2 (10.81.0.5) router. I can also ping TownHall (10.81.0.1) from TownHall2 (10.81.0.5).

 

[Tony414]

Can it be anything in this area of the TownHall (10.81.0.1) router?

ip classless
ip route 0.0.0.0 0.0.0.0 172.16.51.2 permanent
ip route 10.91.0.0 255.255.0.0 172.16.51.6 permanent
ip route 10.101.0.0 255.255.0.0 10.81.0.5 permanent
ip route 10.111.0.0 255.255.0.0 10.81.0.5 permanent
ip route 10.121.0.0 255.255.0.0 10.81.0.6 permanent

 

[jneiberger]

It looks like the routes are correct. Try doing traceroutes instead of pings and see where they fail.