This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ospf stuck in exstart state

ospf stuck in exstart state

Carlos_Maldona2
New Contributor II

‎03-19-2017 01:17 PM

I have a S8 Enterasys where I lost my OSPF neighbors with our Border router. When I do a sh ip ospf neighbors, it shows it in a ex-state. I have clear the process, taken it out and re-enter, but still on ex-state. I can ping the border router but can't get that connection. I have checked the interfaces, and uplink ports, all looks good.

Outside border interface:

interface vlan.0.100
description "insidevlan"
ip address xxx.xxx.xxx.x 255.255.255.240 primary
no shutdown
exit

Core interface:

interface vlan.0.302
description "InsideFirewall"
ip address xxx.xxx.xx.x 255.255.255.240 primary
vrrp create 2 v2-IPv4
vrrp address 2 xxx.xxx.xx.x
vrrp priority 2 254
vrrp host-mobility 2
no shutdown
exit

V302 goes to a C5 switch which then goes to the inside FW, goes out through outside FW to the border (S4 router) V100.

This all started when we converted our FW's to layer 3. Everything was working fine, except for some VPN issues which we than reverted back. Now the neighbors don't connect.

0 Kudos
11 REPLIES 11

Patrick_Koppen
Contributor

‎03-19-2017 05:08 PM

You may check the following:

show ip ospf interface
show ip ospf neigbours
show ip int brief

disable the interface, activate debugging (debug ip ospf adj or packets), enable the interface
and see what happends....

If there are only two routers, you should use point to point mode.

What do you mean with FW to L3?

You should not replace all parts of the ip with xxx.
0 Kudos

Carlos_Maldona2
New Contributor II

‎03-19-2017 04:17 PM

he are the configs:

border:

router ospf 1
router-id xxx.xxx.xxx.1
network xxx.xxx.xxx.x 0.0.0.15 area 0.0.0.0
network xxx.xxx.xxx.xx 0.0.0.15 area 0.0.0.0
redistribute bgp
log-adjacency
exit

router ospf 1
router-id xxx.xxx.xxx.xx
network xxx.xxx.xxx.xx 0.0.0.0.15 area 0.0.0.0
redistribute connected
log-adjacency
passive-interface default
no passive-interface vlan.0.302
exit

There are more networks but this is the one in question. All IP's match, don't want to expose them.

0 Kudos

Carlos_Maldona2
New Contributor II

‎03-19-2017 03:39 PM

Yes. All checks. The only thing I can see i that I can't ping multicast, 244.0.0.5 which is where OSPF uses for the hellos. I don't have any acl's on these interfaces.
0 Kudos

Stephane_Grosj1
Extreme Employee

‎03-19-2017 03:23 PM

Do you have the ospf config of both ends?

It's not clear to me what happened. Did you say ospf was between 2 S-series routers with a L2 FW in-between, then you converted that FW to L3 (in ospf with each S?), and back to L2 FW? I guess the ospf config has been modified a lot...

mtu, timers all checked?

0 Kudos

Carlos_Maldona2
New Contributor II

‎03-19-2017 02:59 PM

I checked, both are 1500
0 Kudos
GTM-P2G8KFN