Some Questions on OSPF 5

[Tony414]

Hello,
I am going to implement OSPF on our network. Not a big network, a total of only 5 1700 routers. Can anywone give me some common mistakes that people might make when implementing it? If there is evey any. Can someone give me a quick example? Lets just say I have 2 routers. Router A and Router B. One thing I'm not sure of is the area setting. Thanks in advance for the help.

Tony

 

[burtsbees]

network 10.101.0.0 0.0.255.255 area 0

Any directly connected subnets (not IP address) get put into that router's ospf instance. Example...
Router A has interfaces in the 10.1.1.0/24 and 10.2.2.0 subnets, then router A ospf statement would be
router ospf 1
net 10.1.1.0 0.0.0.255 area 0
net 10.2.2.0 0.0.0.255 area 0

No other networks---the router can only advertise correctly routes IT knows about by virtue of the routes being physically attached in THAT router.

Burt

 

[Tony414]

Ok. That's done! Here is the ParkRec (10.111.0.1) router for an example

router ospf 1
log-adjacency-changes
network 10.111.0.0 0.0.255.255 area 0
network 172.16.51.0 0.0.0.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.51.13 permanent
ip http server

 

[jneiberger]

Once you're done with all routers, all of your networks should be in your OSPF database. Take a look and see if any are missing. If they're all there, you should be able to start removing static routes.

 

[Tony414]

All done! Looking good!! Static routes are now removed. Thanks a million to all

 

[jneiberger]

Awesome! Let us know if you have any problems or more questions. I'm glad we got it working for you.

 

[Tony414]

I do have one last question What does the ip classless command do? I looked it up, but it's still not clicking....

 

[Tony414]

Ok. One last thing I was playing around with the static routers. Lets say for the TownHall router, does this still need to be in there?
ip route 0.0.0.0 0.0.0.0 172.16.51.2 permanent

This router is connected to the HighSchool which gets us out the internet. When I remove it, pinging the HighSchool router is fine but our internet goes down...hmmmm When I put that ip route back in, it works...

 

[jneiberger]

If the High School router is the one that has Internet connectivity, then it is the one that needs to have the "default-information originate" command on it. I seem to recall that you put that command on a different router.

The High School router would still need the static route, but the rest of your routers will learn the default route from the High School router.

 

[Tony414]

Sounds logical I'll give it a wirl and see what happens...

Thanks!

 

[Tony414]

I made that change but it didn't work 100% I have the 2 routers on the same lan 10.81.0.1 and 10.81.0.5. The 10.81 router goes to the HighSchool which gets out the internet. On the 10.81.0.5 router I have a route added like this:
0.0.0.0 0.0.0.0 10.81.0.1

As soon as I remove that I can still pink everyone, but the internet goes down. I'm stumped!!

 

[jneiberger]

Did you take out all "default-information originate" lines from all routes except the High School router?

 

[Tony414]

Hmmm... Currently only the HighSchool router has "default-information originate always" and that's it...

 

[burtsbees]

Change this
0.0.0.0 0.0.0.0 10.81.0.1
and make it the same as 10.81.0.1
since they are in the same subnet, they are probably directly connected to eachother, so they both need the default route that 10.81.0.1 has.

Burt

 

[jneiberger]

That's strange. As long as your High School router has a default static route pointing to the Internet, it should advertise that route to the rest of the routers in your area. However, if you have any static default routes left in your configs, they will take precedence over the default learned via OSPF.

As an experiment, pick a router (not the HS router) and remove the static default route then do a show ip route and see what it says is your default route. There should be one. If not, there is a problem.

 

[jneiberger]

Burt, they are connected on the same LAN, but they shouldn't have the same default. One router (.5, I think) should have a default pointing to the other router (.1) via the LAN interface. However, the second router's default route should point to across its WAN interface toward the High School router.

 

[burtsbees]

Yeah---it knows already about .1 address, but not necessarily the other side of .1, the outgoing interface of .1
Nevermind...

Burt

 

[Jsteve]

Tony, You have gotten some good advice so far, but just wanted to add my 2cents.

First, it's not a good idea to post your snmp passwords. Anyone can easily hack your routers.

Here is what you final config should look like. (Note* is stead of advertising the subnets in the ospf process, I advertised the specific Interface IP address. It work both ways)

--------------------------
hostname HighSchool
!
interface FastEthernet0
description connected to HighSchool LAN
ip address 10.0.0.20 255.255.255.0
!
interface Serial0
description connected to TownHall
ip address 172.16.51.2 255.255.255.252
!
router ospf 1
log-adjacency-changes
network 10.0.0.20 0.0.0.0 area 0
network 172.16.51.2 0.0.0.0 area 0
default-information originate always
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
------------------
hostname TownHall

interface FastEthernet0
description connected to TownHall LAN
ip address 10.81.0.1 255.255.0.0
!
interface Serial0
description connected to HighSchool
ip address 172.16.51.1 255.255.255.252
!
interface Serial1
description connected to PoliceDept
ip address 172.16.51.5 255.255.255.252
!
router ospf 1
log-adjacency-changes
network 10.81.0.1 0.0.0.0 area 0
network 172.16.51.5 0.0.0.0 area 0
network 172.16.51.1 0.0.0.0 area 0
------------------------------------------------------
hostname TownHall2
!
interface FastEthernet0
description connected to TownHall LAN
ip address 10.81.0.5 255.255.0.0
!
interface Serial0
description connected to PublicWorks
ip address 172.16.51.9 255.255.255.252
!
interface Serial1
description connected to ParkRec
ip address 172.16.51.13 255.255.255.252
!
router ospf 1
log-adjacency-changes
network 10.81.0.5 0.0.0.0 area 0
network 172.16.51.13 0.0.0.0 area 0
-----------------------------------------------------
hostname PublicWorks
!
interface FastEthernet0
description connected to PuplicWorks LAN
ip address 10.101.0.1 255.255.0.0
!
interface Serial0
description connected to TownHall2
ip address 172.16.51.10 255.255.255.252
!
router ospf 1
log-adjacency-changes
network 10.101.0.1 0.0.0.0 area 0
network 172.16.51.10 0.0.0.0 area 0
--------------------------------------------------------
hostname PD
!
interface FastEthernet0
description connected to HighSchool LAN
ip address 10.121.0.1 255.255.0.0
!
interface Serial0
description connected to TownHall
ip address 172.16.51.6 255.255.255.252
!
router ospf 1
log-adjacency-changes
network 10.121.0.1 0.0.0.0 area 0
network 172.16.51.6 0.0.0.0 area 0
______________________________________

this works fine provided the internet router you have haning off your Highschool lan has routes back to all of you subnets.

Also it is good practice to add mgmt loopback addresses and use them as ospf router ID's, for example

hostname HighSchool
!
interface lo0
description Mgmt
ip address 192.168.1.1 255.255.255.255
ip ospf network point-to-point
!
router ospf 1
router-id 192.168.1.1
network 192.168.1.1 0.0.0.0 area 0
------------------
hostname TownHall
!
interface lo0
description Mgmt
ip address 192.168.1.2 255.255.255.255
ip ospf network point-to-point
!
router ospf 1
router-id 192.168.1.2
network 192.168.1.2 0.0.0.0 area 0
------------------------------------------------------
hostname TownHall2
!
interface lo0
description Mgmt
ip address 192.168.1.3 255.255.255.255
ip ospf network point-to-point
!
router ospf 1
router-id 192.168.1.3
network 192.168.1.3 0.0.0.0 area 0
-----------------------------------------------------
hostname PublicWorks
!
interface lo0
description Mgmt
ip address 192.168.1.4 255.255.255.255
ip ospf network point-to-point
!
router ospf 1
router-id 192.168.1.4
network 192.168.1.4 0.0.0.0 area 0
--------------------------------------------------------
hostname PD
!
interface lo0
description Mgmt
ip address 192.168.1.5 255.255.255.255
ip ospf network point-to-point
!
router ospf 1
router-id 192.168.1.5
network 192.168.1.5 0.0.0.0 area 0

 

[Jsteve]

sorry missed a route in TH2

hostname TownHall2
!
interface FastEthernet0
description connected to TownHall LAN
ip address 10.81.0.5 255.255.0.0
!
interface Serial0
description connected to PublicWorks
ip address 172.16.51.9 255.255.255.252
!
interface Serial1
description connected to ParkRec
ip address 172.16.51.13 255.255.255.252
!
router ospf 1
log-adjacency-changes
network 10.81.0.5 0.0.0.0 area 0
network 172.16.51.9 0.0.0.0 area 0
network 172.16.51.13 0.0.0.0 area 0

 

[burtsbees]

This is an example of what jsteve means by not posting snmp passwords---this example shows you how to crack the enable password...

enable password 7 0316541E120A33015E1E485744

Even encrypted, it's a weak encryption---this tool, written in perl I believe, can easily crack it...

http://insecure.org/sploits/cisco.passwords.html

Burt

 

[Tony414]

Yeah! Thought about that after. After I'm done I will go around and change them. Thanks