00:00:00 - OSPF and Route Redistribution.
00:00:03 - Oh, I love OSPF. [laughs] I am not supposed to say that because
00:00:11 - EIGRP is Cisco's protocol, right? Of course it is. However once
00:00:15 - you really get OSPF it's in...and this is the way I describe
00:00:19 - it... because I get asked this question all the time...they say...people...people
00:00:22 - will ask me... there you go. So..., Jeremy, what's better? OSPF
00:00:26 - or EIGRP? And, you know, I look at them and I say, "well, without
00:00:30 - a doubt, EIGRP is the best routing protocol on the planet simply
00:00:34 - because Cisco created it and after we get done laughing for a
00:00:37 - little bit, I say, no seriously, EIGRP is awesome, provides features
00:00:40 - OSPF can't do. For instance, summarization anywhere just based
00:00:44 - on the interface, you've got unequal load cost balancing. You've
00:00:48 - got the DUAL algorithm which allows you to move much faster than
00:00:51 - OSPF. And, and then if people say "well...if you've got a Cisco
00:00:54 - only environment, then why would you choose to run OSPF, because
00:00:56 - a lot of people are doing it". And I say: "honestly, I mean,
00:00:59 - there's a lot of factors that can go into that. I mean, I mean...let
00:01:01 - me first say that...but,
00:01:03 - OSPF, once you get it, it's just cool. You know, you, you, you
00:01:08 - get into it and you're going "this protocol is awesome. I...
00:01:12 - why, because it takes so much stuff to figure it out to do it
00:01:15 - right. So much designing...ok, this area is over here. How does
00:01:19 - it, how does that work, you know. OK, virtual links, I mean. It's
00:01:22 - so rich with complexity
00:01:25 - that once you get it, it's cool. Best way I can compare it. Subnetting.
00:01:30 - Right? When you, when you didn't get subnetting, you are kind
00:01:33 - of like "that is horrific. Why would I ever do subnetting. You
00:01:36 - know, I've got subnetting calculators; I never want to do subnetting.
00:01:38 - But once you got it...assuming you got it...you're like "Subnetting
00:01:43 - is awesome." Right? The first...the first job that you went after,
00:01:46 - after that, you, you subnetted them to...to "Hi, what happened?
00:01:50 - Every use of VLAN is like a /28 and you've segmented in, you
00:01:54 - created this massive subnetting just because.... I got it, and
00:01:56 - it's awesome and I want to work with binary and all that. It's
00:01:58 - always feels the same way, right? So nonetheless, I digress on
00:02:02 - OSPF and its wonders. Four scenarios based around OSPF and
00:02:06 - Route Redistribution. There is some EIGRPness in these puzzles.
00:02:09 - We've got, 1, 2, 3, which...what I want to do is, again, I haven't
00:02:14 - looked at any of the solutions or anything like that. But just
00:02:17 - looking at the scenarios: scenario 1, 2 and 3 are so closely
00:02:21 - related, I wanted to walk through them with you and then, work
00:02:25 - on them one by one, but with the knowledge of them all together.
00:02:28 - That didn't make any sense, right? So, [laughs] I just want to read
00:02:32 - them with you before we get started because what I want to keep
00:02:36 - in my mind is "what's going on with client 3? What's going on
00:02:39 - with client 1?" Because as we start solving client 2, I have
00:02:43 - a feeling we are going to run in some of the issues client 1
00:02:45 - and 3 are experiencing as well. So, I just want to have those
00:02:49 - in the back of our minds as we are doing this. Say, OK, maybe
00:02:51 - we can solve some of those puzzles as we work through, for instance,
00:02:55 - scenario 1.. And then scenario 4,
00:02:59 - we've got OSPF authentication failure, which is something that's
00:03:02 - unrelated to the first three. So I just kind of camp on that
00:03:05 - one and once we get there, we get there. I think one of the reasons
00:03:09 - I get so excited about OSPF...and it is, it is specific to this
00:03:12 - set of nuggets, is because of this. Now, I know it's not pretty
00:03:17 - but this is the network modifications that were made for this
00:03:21 - next series of trouble tickets that we are now going to troubleshoot.
00:03:24 - And, when I was doing this, I was having flashbacks, I was, I
00:03:28 - was just thinking...oh, my goodness, this is, this is just like
00:03:30 - the CCIE. It was like... As I was drawing it with my pen, I was,
00:03:35 - I was almost transported back to taking that CCIE exam with my
00:03:39 - scratch paper going..."OK, here he is. They want me to do what?
00:03:42 - They want me to redistribute between...huh?...why would I ever
00:03:45 - do that, you know? I wouldn't do that", and then, arguing with
00:03:48 - myself on how crazy this CCIE level exam is. And then of course
00:03:52 - Cisco saying that they revised the CCNP to really prepare people
00:03:56 - for the CCIE, I saw this and I thought "oh, it's true; they did
00:04:01 - it", [laughs] and that's what they are doing. Now, this series of
00:04:03 - trouble tickets, unlike the others, is a little different.
00:04:08 - Because, it starts off with a series of facts, like a scenario
00:04:12 - to begin these scenarios...meaning: up to now, the trouble tickets
00:04:15 - have been kind of I don't want to say is self-contained because
00:04:18 - they could affect each other but essentially, the scenario and
00:04:22 - the trouble ticket is presented to you all within the trouble
00:04:24 - ticket. Here, they gonna say: "OK, here is what's happened and
00:04:27 - now, based on what's happened, let's do some troubleshooting.
00:04:30 - So let me...let me read through and I'll bring up the general
00:04:32 - facts. I have a whole other slide but I just wanted to keep it
00:04:34 - right here in the lab topology while I talk through this so I
00:04:38 - can draw and point at things. So, the company, this company that
00:04:42 - you work for is moving from EIGRP to OSPF in two phases. Phase
00:04:47 - 1, they are going to migrate the headquarters. So this group
00:04:51 - of devices over here, you know, that HQ, where OSPF Area 0 lands,
00:04:57 - is going to is going to inhabit
00:05:01 - OSPF. Phase 2 will be to migrate all the branch offices. And
00:05:05 - then again, the scenario implies that this branch office is just
00:05:08 - one of many. It just happens to be the first branch office they
00:05:12 - started to move over to EIG... Oh sorry to OSPF. So,
00:05:18 - today is Saturday. As you walk into this scenario. Engineering
00:05:22 - has been busy changing protocols. Essentially, phase 1, which
00:05:26 - is migrating the headquarters, is done. They...they've got that
00:05:29 - done, split into the different areas. Phase 2 is beginning. And
00:05:33 - you, the protocol senior engineer, are available to troubleshoot
00:05:39 - and verify their operation. So essentially, you're sitting here
00:05:43 - on staff, on Saturday, in order to decide which direction they
00:05:46 - want to go. Now, the company has made a decision,
00:05:50 - that, when you reach Sunday, you either need to make the decision
00:05:54 - to continue to move forward with OSPF or to roll back to EIGRP,
00:05:59 - saying "you know, this don't work out. Let's stay with EIGRP
00:06:02 - and all of that". So, so, this, it's, it's you know, an active
00:06:05 - migration. You're in the midst of it right now. The current branch
00:06:08 - office is a test site for how the future branch offices will
00:06:12 - work. And, if you imagine with me, you know, imagine other CRO
00:06:16 - route or maybe these CRO routers connected to other branch office
00:06:20 - out here...that are currently on EIGRP. What they are doing,
00:06:24 - they are using this branch office to test redistribution, to
00:06:28 - say, "OK, can we have EIGRP redistribute into OSPF and everything
00:06:33 - still work OK or, is it not going to work out?" EIGRP, now pardon
00:06:38 - me, OK -. So what they have, they've split this branch office.
00:06:44 - They've got some VLANs, and specifically VLAN 16 and 17 I just
00:06:49 - put 17 here because that's what our client is on and that's what
00:06:51 - we use for troubleshooting. Some VLANs are using BRO1 as a default
00:06:57 - gateway which means as part of the EIGRP-side of things. Other
00:07:01 - VLANs which include 18, 19 and 128 these guys have been made
00:07:05 - a part of OSPF Area 11 and are using BRO2 as a default gateway.
00:07:10 - So I only documented VLAN 18 because and that's why client 3
00:07:13 - is going to be a member of and we'll use him for testing. So,
00:07:16 - that's the puzzle that we are putting together, pieces of the
00:07:20 - puzzle that are active in this scenario. So now, here we are,
00:07:25 - it's Saturday, we get our first call. Scenario
00:07:30 - 1: After the OSPF/EIGRP/ redistribution implementation, Client
00:07:36 - 2 that's this guy out here cannot ping Server 1 that means this
00:07:43 - guy out here. Attempts to browse to http://isp3.tshoot.local
00:07:50 - also fail. OK. Well, I am just brainstorming right now, already
00:07:56 - thinking through some of the possibilities. Obviously, if this
00:08:00 - is a DNS name, I am assuming, Server 1 is the DNS server. So
00:08:04 - we can't even venture into resolving host names until the connection
00:08:09 - to Server 1 is repaired. So let's look at that guy first. It
00:08:14 - says Client 2 uses BRO1 as its default gateway which is good.
00:08:18 - That tells us that's in the EIGRP domain which is probably doing
00:08:22 - some redistribution action with OSPF and
00:08:25 - vice versa. So our job is to diagnose and resolve the problem,
00:08:30 - if possible. Of course it's possible! We are Cisco's superstars! So,
00:08:36 - I think the best place to start with this scenario is gonna be
00:08:40 - over on Client 2. Let's just start there. I opened an RDP connection
00:08:46 - too and beforehand so that I have it ready. So here is Client
00:08:51 - 2. Then I go "open a command prompt".
00:08:57 - And let's do an "ipconfig".
00:09:01 - Ok, good. That tells us he is getting an IP address, which is
00:09:06 - a good sign. Let's just ping his default gateway and make sure
00:09:08 - we are getting there as well...60.65.
00:09:12 - OK, that's good. It's a good start....Let's.... [laughs]
00:09:18 - You know what? With some of the previous scenarios, I am not
00:09:21 - taking the risk. Let's just ping straight through the Server
00:09:24 - 1 and see if that works. Bring Server 1 in the picture because
00:09:27 - I need his IP address.
00:09:31 - I got you. Captured.
00:09:34 - Let's go back over.
00:09:37 - Ping...[laughs]...I don't want to get too far down the road to troubleshooting
00:09:41 - when it really does work. OK. Oh...ok. So we just ping this server
00:09:48 - IP address but notice I don't know if you've gone through this
00:09:51 - experience before but most of the time when you ping something,
00:09:54 - you get "Request timed out. Request timed out. Request timed
00:09:57 - out." Then the reason that that happens is because, usually,
00:10:01 - the router that's in front of you thinks it knows how to get
00:10:03 - there. This is a little different. In this case, the router in
00:10:07 - front of you, meaning who is that BRO1 does not know how to get
00:10:12 - there because there is only two kinds of messages that can be
00:10:15 - returned: one is going to be the typical well I won't even say
00:10:18 - it's returned is the...I just put Request dot T Request Timed
00:10:23 - Out. The second is an ICMP I changed to a nice fatty marker here
00:10:30 - so I could draw lines through this and you are able to see it.
00:10:33 - So that's why my writing is so big here but ICMP unreachable,
00:10:38 - how do you spell it... unreach... Now here is the scoop [coughing]
00:10:42 - Excuse me. Typically, when you try to access a destination, it
00:10:46 - will go to your default gateway. Your gateway looks: oh, I've
00:10:49 - got a default router, and sends it on. Let's say somewhere down
00:10:52 - the line, let's say CRO1, doesn't know how to get to Server 1,
00:10:56 - well, if he drops the packets, what is going to do is send an
00:11:01 - ICMP Unreachable message to BRO1 saying "I don't know how to
00:11:05 - get there", but BRO1 never forwards those back, which is why
00:11:11 - in most situations, Client 2 will see Request timed out, Request
00:11:15 - Timed out. And it kind of hangs there while, you know what I
00:11:16 - am talking about, on that command prompt. It kind of hangs there.
00:11:19 - So in this case, it's not it's not doing that. It's coming right
00:11:23 - back saying "destination host unreachable". And you know what
00:11:25 - that tells me? That tells me BRO1
00:11:29 - doesn't know how to get there. So the packet is getting right
00:11:32 - here. BRO1 is like "I don't know how to get there". So he returns
00:11:36 - the message directly to Client 2 of ICMP Unreachable and that's
00:11:40 - where we get the destination message "unreachable". That's the
00:11:43 - whole key with these guys. They only go one router hop. So if
00:11:46 - you are any further than the router right in front of you, you
00:11:48 - are always going to see Request Timed Out. However, we're kind
00:11:51 - of lucky with this case because it points the finger immediately
00:11:53 - right at BRO1. Let's go there. Now, bring our
00:12:00 - ...now back at the picture here
00:12:03 - ...I was just
00:12:07 - using a Cisco IP communicator. I set up a little Voice over IP
00:12:10 - lab, made a phone call to a friend of mine and, just for fun,
00:12:13 - I actually used Wireshark to capture the RTP packets of the phone
00:12:17 - call. And did you know you can actually use Wireshark and reassemble
00:12:20 - the whole conversation into an AU file which you can convert
00:12:23 - to a WAV file. It's pretty cool. This is what I was doing this
00:12:26 - afternoon. It was fun. So, BRO1. Back to our Client who is offline
00:12:32 - we shouldn't talk about such things when Client 2 is offline
00:12:34 - . So, back to BRO1.
00:12:40 - Resize this connection. Let's go here and just do
00:12:45 - a do some of that... IP address on a clip board? Yeah. Let's
00:12:48 - do a ping, a ping right there. Yeah, we are not getting there.
00:12:51 - Let's do a show IP route and see if there is anything in the
00:12:54 - routing table. That
00:12:59 - routing table has...We've got we've got some D route. Now looking
00:13:05 - back at our diagram, we've got EIGRP running in this small area
00:13:10 - of the network and then everything else is OSPF. Now, if redistribution
00:13:13 - really was set up the way that they said it should be, we should
00:13:17 - see a whole bunch of external routes 'cause EIGRP has the ability
00:13:20 - to mark things as outside of the EIGRP domain. Look at that:
00:13:24 - right there! External. So it should say D EX which lets you know
00:13:28 - it's from outside. So something is not right with redistribution.
00:13:33 - I'm guessing these few routes are probably just like, if you look
00:13:35 - at them, they are all /30s. They are just probably in our EIGRP
00:13:40 - system. So, we've got an issue with redistribution. So let's see
00:13:44 - who's...Let's go to CRO1, he is a border router.
00:13:49 - In OSPF's terms, he is an area border router. So he would be
00:13:52 - doing the redistribution from OSPF to EIGRP. So could this guy.
00:13:57 - But let's, let's just start with CRO1 and begin there.
00:14:02 - Where is my Firefox? There we go. Bring CRO1 into the scene...
00:14:08 - Hello CRO1....Oh right, so let's see, if he can ping. Can you
00:14:18 - get there my friend? [laughs] I can't ping 52. I must have highlighted
00:14:23 - something on the clipboard.
00:14:28 - This...Right there...- Ping that guy. Ok, ok good. So CRO1 is
00:14:36 - getting there. So, there is definitely a redistribution problem.
00:14:40 - Let's do a "show run
00:14:44 - section router eigrp". OK. I am seeing redistribute OSPF 100.
00:14:55 - So I'm going also do a "show run section router ospf" and see
00:15:00 - his scenario. It should be OK. It looks like this guy is doing
00:15:05 - two-way redistribution. OK. Wait a sec. Hang on. Hang
00:15:13 - on. That's not
00:15:15 - enough. If you just type in "Redistribute ospf 100", EIGRP, as
00:15:20 - a matter of fact jumps back here. EIGRP does not have a default
00:15:24 - metric for routes. Both RIP
00:15:29 - and EIGRP failed the default metric test. So if I redistribute
00:15:34 - OSPF into EIGRP just like they are doing here, but I don't specify
00:15:38 - a metric, then they are going to come in with an infinite metric.
00:15:41 - I'll just put, you know, infinity.... So, the first router to
00:15:45 - get them is going to say those are invalid routes; so, I am not
00:15:47 - going to take them. I am just going to try that. Let's see if
00:15:52 - that solves anything. Now, I am looking the other way and they
00:15:54 - are doing the same thing here. But OSPF does have a default metric.
00:15:58 - I think it is 25, just nice random number. So we don't have to
00:16:02 - specify with OSPF but with EIGRP, we definitely do. That's a
00:16:05 - problem. So
00:16:07 - let's try that and just see if that makes any, any boats rock.
00:16:13 - What does that mean? Alright. So let's do a
00:16:19 - metric [laughs]. So when you specify the metric for EIGRP, it's
00:16:22 - like, hum...let's roll the dice... how about
00:16:26 - 1500? How about 0? How about
00:16:31 - 200? How about? Usually, I just do 10, 10, 10, 10, all the way
00:16:34 - across but, for fun, we'll change it up. You have to specify
00:16:40 - all these even though EIGRP only uses bandwidth and delay by
00:16:43 - default for the metric. This is one of the disadvantages of doing
00:16:47 - redistribution is you totally lose the accuracy of your metrics. So,
00:16:51 - OK, we've got that done now. Now let me just do a "show run router
00:16:57 - eigrp". OK, we are specifying metrics. Let's, let's go back.
00:17:00 - Let's go to BRO1 again. This guy.
00:17:05 - Here we go -. Let's do a "show ip route"
00:17:11 - now. Hey, there we go! That's what I'm talking about. We've got
00:17:16 - external routes, coming in left, and right. Good. Good, good,
00:17:20 - good, good, good. OK. OK. So, OK. So first off, we are missing
00:17:25 - a metric on redistribution router. So now, I am just, I'm curious.
00:17:30 - Let's do a ping again. So let's a
00:17:33 - ping...- why can't I remember this guy's IP address? There it
00:17:37 - is: 10.1.152.1. Hey, look at that! OK. Well let's see if that
00:17:47 - did it then. Let's go back over to our client, right here, and
00:17:51 - if the...
00:17:54 - OK...Puzzle number
00:17:56 - 2. What have we got here? We've got now Request timed out. So
00:18:02 - again, and we just verified that our router BRO1 can indeed.
00:18:07 - It's getting all the way there. And we know that Client 2 is
00:18:11 - getting to BRO1, but Client 2 can't get all the way there. So,
00:18:14 - you know what this tells me? This tells me, this tells me that
00:18:18 - Server 1 is not able to get back because again, we just verified:
00:18:23 - BRO1 can ping Server 1. Client 2 can ping that, so, so, again,
00:18:27 - Server 1 must be missing this subnet, or not able to reach that
00:18:32 - subnet from...from there. So
00:18:37 - let's...See, where to begin with that one?
00:18:41 - Let's...Let's start from his closest router. Let's go to CSW1.
00:18:44 - We know that
00:18:47 - CSW1, right here, is going to be his default gateway. And that...
00:18:50 - and we know that it can reach the outside interface of BRO1,
00:18:53 - just not this VLAN for whatever reason. So let's go over
00:18:59 - there. Take a road trip with me to CSW1.
00:19:06 - I wish SecureCRT would just open the right size every
00:19:11 - time...There we go. [laughs] I know someone out there just thought
00:19:14 - "I know how you can fix that". Yeah...I know. [laughs] Some global
00:19:19 - setting somewhere. But who has, who has the time? Who has the
00:19:23 - time... so, let's do a "show ip route" here. So, well I guess,
00:19:28 - let's... So he's getting some intra area route. But you know,
00:19:32 - I don't see any external routes
00:19:36 - on...on CSW1. Again, OSPF should show external routes as well
00:19:43 - if redistribution is indeed happening. It should be E1 or E2,
00:19:48 - right here... depending on the kind of redistribution. So something's
00:19:53 - up with the redistribution on
00:19:56 - CRO1. Let's go there
00:19:58 - again. CRO, CRO, CRO, CRO, CRO, CRO...Here we are.
00:20:03 - CRO1. Let's do a "show run"... because we had the router OSPF.
00:20:08 - OK. So what's going on? Let's
00:20:11 - see. Redistribute EIGRP
00:20:14 - 1. Why does that look
00:20:18 - short to me? Now, OSPF does have a default metric. So I know
00:20:22 - it's not that. But, let's just, hang on, let's just do a "redistribute
00:20:26 - eigrp 1" which is our autonomous system. Do a question
00:20:31 - mark. Metric. I wonder if we should set up a metric for greens.
00:20:37 - I forgot all about that
00:20:40 - guy. That's not good. Subnets, subnets, subnets. So the subnets
00:20:46 - will allow you to
00:20:48 - redistribute the subnets otherwise OSPF will do automatic redis...
00:20:52 - oh what am I saying? Automatic summarization to where, if you
00:20:56 - don't specify subnets, OSPF is going to try and send the entire
00:20:59 - Class A network of 10 which in this case isn't gonna happen because
00:21:04 - we've got all these subnets of tens of 000. So these guys will
00:21:08 - reject that router and are going to say "No, we don't believe
00:21:11 - you." Now that you have that... Hang on, let's try that. I am
00:21:15 - going to redistribute EIGRP 1. Let's add
00:21:21 - subnets on there. Subnets. Now, it's not specifying a metric
00:21:23 - yet. See if that does anything. OK, so the key word is on there.
00:21:28 - Let's go over to CSW2. Take that road trip. No, CSW1. Our layer
00:21:33 - 3 switch. "Switch show ip route" now. Come on! Give me something.
00:21:40 - There! Oh! Look at that! We've got an external, external type
00:21:43 - 2 route. Hey, Hey? Why am I saying hey? It's like a Canadian,
00:21:47 - a Canadian hey? OK, OK good. So...Hang
00:21:54 - on...Hold the
00:21:58 - phone. Hey...Look at
00:22:01 - that! I love it! I love it when that works. OK. So... OK, so
00:22:05 - that's it. No, no, that's not it; that is not it. We still have
00:22:11 - this half of the puzzle. "Attempts to browse isp3.tshoot also
00:22:16 - fail. So maybe now that the DNS is resolved or, I should say
00:22:21 - the connection to ISP1 is resolved... as a matter of fact, I
00:22:24 - don't even
00:22:26 - know. I don't even know... wrong one there
00:22:33 - if the Server 1 is being used. OK, it is, it is the DNS server.
00:22:38 - So now that that's resolved, let's ping
00:22:45 - isp3.tshoot.local. See, I am so insecure, I'm into security,
00:22:47 - I am thinking IPS
00:22:49 - sensors. OK, OK.
00:22:52 - We are unreachable again. So this means
00:22:58 - that, well it means that BRO1 doesn't know how to get to
00:23:03 - ISP3. And BRO1 probably doesn't know how to get there I am guessing.
00:23:07 - If I remember that routing table, I don't think BRO1 where is
00:23:12 - it?...No...There we go I don't think BRO1 had default route.
00:23:16 - Did he?...Scroll down. Gateway of last resort is not set...I
00:23:22 - am just scrolling down to the bottom. We've got nothing! Alright.
00:23:28 - So...So we need a default route. And my thought is that they
00:23:34 - don't want us to statically put a router. Now, they didn't say
00:23:37 - it in the lab. But I am assuming they would not want that. They
00:23:39 - would want these ISP
00:23:42 - gateways to originate a default route into the
00:23:46 - system. So, let's go
00:23:50 - there. Start with IRO2 because it is closer to Client 2 and it
00:23:55 - has a 2 in its name. Alright, let's do a "show ip route". Let's
00:24:01 - see if that guy knows how to get there. He does have a static
00:24:06 - route. Now OSPF. In order to get OSPF to inject... well, where
00:24:09 - is his
00:24:12 - routes?...he's only got two OSPF routes. Is
00:24:19 - that good? Let's find out. Router
00:24:22 - OSPF. Oh
00:24:26 - right [laughs]. Meanwhile, while we are obviously on a 2600 series
00:24:32 - router, Ok, there we go. So we've got, let's see...Area
00:24:41 - 100. So, OK. So, we're running this. Nope, no passive interface.
00:24:44 - That one
00:24:47 - 129. Let's just do a "show cdp neighbors"...OK, so he's
00:24:52 - connecting to CSW2 on
00:24:59 - FastEthernet 0/0....dot 129. I am assuming that that's his DNS
00:25:03 - interface. He's getting
00:25:05 - some routes. Let's
00:25:08 - check out...see what we've got. These guys are in OSPF Area 100,
00:25:12 - right? Let me see that again. So this 's Area 100. That's accurate.
00:25:17 - We're good. We're forming neighbors right? "Show ip
00:25:26 - OSPF neighbor". OK. We've got our default
00:25:31 - information originate. So why? Let's see if this command should
00:25:35 - be sending the default route into the system. Now you can throw
00:25:38 - it all in there. But that's only necessary if you don't have
00:25:41 - a default route yourself. Passive interface...I am just trying
00:25:46 - to put the pieces of the puzzle together. Let's go to over to
00:25:52 - CSW2 because IRO2 is forming a relationship with him. See if
00:25:55 - he has
00:25:57 - a default route. Now, I don't know why I just did that. "Show
00:26:05 - IP route", show cdp neighbor, show
00:26:09 - IP route. We've got nothing. Why no default route? Gateway of
00:26:13 - last resort is not set. He's forming
00:26:18 - a relationship. How would he not send a
00:26:25 - default route? OK, let me just talk through this. What do we
00:26:27 - know? We
00:26:29 - know IRO2 does have a default route to the Ethernet which I,
00:26:34 - I didn't verify that but he has a default route in his table.
00:26:37 - Let's start there. We know he has a
00:26:40 - default route.
00:26:42 - We know he has a relationship with CSW2, right? because that
00:26:46 - was the only router he could possibly form a relationship with.
00:26:52 - Let's see. Who is that? 192
00:26:55 - dot 19.
00:27:03 - Check that.1...119...92 where
00:27:07 - are we at? 92 dot 13, is that
00:27:10 - what I said?
00:27:16 - No, 19, 19. Who's that neighbor relationship with? 220 dot 3,
00:27:21 - 10 dot
00:27:24 - 1 dot
00:27:29 - 192 dot 19. Who are you
00:27:33 - talking to? 192?
00:27:36 - No. 192 19?
00:27:38 - Have you seen it? But CDP is showing the only thing he sees via
00:27:45 - CDP is CSW2 and
00:27:47 - FastEthernet 0. Going into FastEthernet 2. Hang on, hang with
00:27:50 - me here for a second. I am going to do a show VLAN. Just see
00:27:57 - what, well it won't show up. "Show run
00:28:04 - interface FA0/2". OK. So native VLAN is 1000. Allowed VLAN
00:28:10 - 12 and 129. 12 and 129? That sounds right
00:28:17 - because he is running no passive interface. Let's take a look
00:28:21 - at that interface:
00:28:27 - "show run interface". Paste. What have we got? We've got
00:28:31 - transit, nat inside, dot 20. So this is VLAN 129. So maybe am
00:28:36 - I just missing it? Hang on. VLAN 129. Oh, did I just
00:28:44 - not see that? 192
00:28:47 - dot 19, 192 dot 18. I didn't think of the HSRP. "Show
00:28:57 - run interface
00:28:59 - VLAN 129". No, you're right, scratch that. It's not...so where
00:29:02 - is dot 19? Is that CSW1? Did they form a relationship over there
00:29:07 - even though it doesn't show up via CDP? It's kind of bizarre,
00:29:14 - guys. Let's see. Well, thank you very much. Oh wait, I already
00:29:20 - have a connection to him somewhere down on
00:29:25 - the list.
00:29:28 - There we go. No, he is not getting a default gateway, so let
00:29:31 - me just do a
00:29:33 - "show ip interface brief
00:29:37 - include VLAN 129". Yeah, that was a long shot [laughs]. Let's get
00:29:40 - the syntax and capitalization just right. VLAN, OK, no
00:29:46 - space. VLAN 129. 17. Where is dot 19
00:29:53 - coming from? I am just trying to find out who this neighbor is
00:29:56 - that he is seeing
00:30:00 - in his table. Again, CRO, what
00:30:06 - we've got. BRO. Let's do this. Let's
00:30:14 - go to IRO2 [laughs]. I've got to name these windows. I just flip
00:30:18 - them around constantly. Let's do a "show
00:30:22 - cdp neighbor detail". Who are you talking about? So here seems
00:30:25 - to be one. So 18. But he's forming a
00:30:31 - relationship with 19. Ping
00:30:37 - 19. Ping 18. Are
00:30:40 - these different people? Oh,
00:30:43 - OK. Ping
00:30:46 - 18. So let's
00:30:51 - do a
00:30:55 - "show arp". So look at that. We've got
00:31:00 - a mystery router. [laughs] So dot 19 is coming from somewhere. But
00:31:03 - we don't know where. But that's OK; Maybe it's the ISP. Maybe
00:31:09 - it's...who knows! Who knows what that is. But for now, let's
00:31:12 - do this. Let's work on getting, if we need to... Let's figure
00:31:17 - this out. Let's do a "CSW2 show run
00:31:26 - section router ospf".
00:31:29 - Cisco upgrader switches. Alright.
00:31:34 - So.... Not
00:31:36 - include. Begin with. Alright. So, let's see. Router OSPF. We've
00:31:41 - got no path; So ok, it's running on
00:31:47 - there. 192 dot 9? Dot 18? Dot 18. Ok, this is good. We are forming
00:31:59 - in Area 100.
00:32:02 - What's the scoop? "Show
00:32:08 - ip OSPF neighbors". OK, so we're seeing somebody on VLAN 99,
00:32:14 - or VLAN
00:32:17 - 129 dot 17. And that
00:32:24 - is IRO2, right? No, he's
00:32:27 - dot 20. He's dot 20? This is impossible. We have a mystery device.
00:32:33 - Hang on, hang on. Let's do a lot of logging here. So we've got
00:32:38 - IRO2: he's dot 20, right?
00:32:43 - CSW1, he's dot 18. CSW... who's
00:32:54 - this guy? CSW1. He is... did I say
00:32:59 - 1 or 2 before?
00:33:04 - He's dot 17. Dot 17
00:33:10 - on VLAN 129. So we have a relationship
00:33:18 - between 20 and who?
00:33:22 - The problem... 19, right? Is
00:33:27 - that 19? Show. And we're forming a relationship with dot 19.
00:33:30 - And they happen to be the BDR. Whoever
00:33:38 - router IDed that. "Show
00:33:44 - ip ospf database". Ok, just looking at which ones are
00:33:50 - who. OK. So this is the mysterious dot 1...Is it not IRO1? We
00:33:56 - form a relationship with
00:33:59 - IRO1? Hang on. Again, this is where that spreadsheet
00:34:03 - would come in handy. Alright, so let's do "show
00:34:08 - ip"...He's the only one I can think of that would be
00:34:12 - in that VLAN. OK. OK, so we're forming a relationship with him.
00:34:17 - So he is the missing piece, he's
00:34:20 - the missing link. Dot 19 is right there. So these guys have
00:34:26 - formed a relationship apparently. But, let's hang on. Let's look
00:34:30 - at him: "show
00:34:33 - ip ospf neighbor" but they are not forming a relationship with
00:34:37 - the layer 3 switches. Why would that be? So let's, ok, now we're
00:34:41 - going places. Let's
00:34:45 - look at IRO1: "show run
00:34:51 - section router ospf". And meanwhile, let's also look at CSW2.
00:34:56 - I'm just going to look through this line by line. So we've got
00:34:58 - no passive interface. So this is good. And it's definitely forming
00:35:03 - relationship on here. It's
00:35:06 - just ignoring... Hang on. What would cause it to
00:35:12 - ignore those relationships? Maybe
00:35:15 - be if... no, that's Area 1. Area 1 authentication message-digest.
00:35:19 - So that's no worries. So
00:35:23 - VLAN 129. So: "show run
00:35:27 - interface VLAN 129". Nothing
00:35:34 - special under there. "248". I'm just kind of doing a comparison
00:35:37 - between the two.
00:35:41 - No passive interface. "Show
00:35:48 - run interface
00:35:50 - FA0/0.129". So same. Oh, why did they do that? Why would you
00:35:57 - do that? Why would you do something like that? OK. Is that the
00:36:04 - same way? "Show
00:36:10 - run interface
00:36:12 - FA0/0.129". Look at this! How did I not see that? Did I just miss
00:36:14 - that before? OK. Default Hello timers on OSPF are 10 seconds.
00:36:20 - And I did not see. Actually I know there was no modification
00:36:25 - on the hello times on OSPF on these guys. So these guys are forming
00:36:29 - relationships. These guys are just doing a 5 second hello timer.
00:36:32 - So they're forming relationships. So you know, I like the 5 second
00:36:38 - Hello timer better. I bet you, watch this: let's go for him.
00:36:44 - "Interface VLAN 129
00:36:48 - ip ospf, hello-interval
00:36:56 - 5". "Dead interval 15". Meanwhile, new neighbor. Won't you be
00:37:04 - my neighbor? Where are we at? Where're we at? Where are we
00:37:09 - at? Come on...laugh Trying to find the right window. No. OK,
00:37:14 - there we go. Let's
00:37:19 - go "interface VLAN"...let's just do "run
00:37:23 - interface VLAN 129". Make sure this guy is the same. That's what
00:37:25 - I thought.
00:37:29 - "Interface VLAN 129". IP OSPF hello...man, I should have documented
00:37:33 - those IP addresses long ago; I would have easily seen that. "15"...Change
00:37:42 - that to "dead". Alright. So change those OK. We've got new neighbors.
00:37:49 - Hello neighbor! Hello neighbor. Alright. New neighbors, 3 new
00:37:52 - neighbors. As we would hope
00:37:55 - them to be. Now, let's go back and do a
00:38:00 - "show ip route". See, now we are getting
00:38:04 - that default route that's been sent in via OSPF. Good. Load
00:38:08 - balanced between the two IRO routers. So this is good. We've
00:38:13 - got that coming through now. Let's go back over to the original.
00:38:17 - BRO1. Let's do a "show ip route" on him. And look, he now has
00:38:22 - a default gateway, right there. It's probably being redistributed
00:38:27 - but that's OK. Yes, external route. OK. So where were we? Let's
00:38:33 - now... I'm just going to go for gold here. Let's see
00:38:37 - if we can... oops, dragging the wrong window... see if we can
00:38:45 - ping this now. Man! Why do
00:38:48 - you not work? laugh Oh, you work! Yes, I love it! I love it!
00:38:53 - I am so glad 'cause totally by instinct, I would just press Control-C
00:38:57 - right there and troubleshoot my brains out. I'm so glad I
00:39:00 - took the moment away. Sometimes, the first thing fails simply
00:39:03 - because ARPA timed out, or whatever. Who knows why, but... Awesome.
00:39:08 - OK, that was good. Good scenario. So we've got now Server 1 ping
00:39:14 - able to reach isp3.tshoot.local, again, it's saying browse but
00:39:20 - if I
00:39:22 - can ping it. I guess we can try and browse. It's just...if that
00:39:26 - doesn't work, we can just turn it over to the application guys.
00:39:31 - Because if I can ping it, my job
00:39:35 - here is done! And because I am on a virtual machine that's running
00:39:39 - with a 386 processor. Alright, so.., come on, come
00:39:46 - on...you can
00:39:56 - get there.
00:40:01 - http://isp3.tshoot.local. Beautiful! Welcome to the server in
00:40:05 - the Internet. laugh Thank you Nil. OK. So good. We are good with
00:40:10 - scenario one. Good grief, that took a little while. But that's
00:40:12 - alright. That was good. That was a lot of good stuff in there.
00:40:15 - Let's do a little debrief. What we've seen here is we have seen
00:40:20 - the Client 2 access failure with first off, an issue with redistribution
00:40:25 - to where we did not specify a seed metric for OSPF and EIGRP.
00:40:31 - So EIGRP routes come in with that default metric of infinity
00:40:35 - and so, are not accepted by the internal routers. Likewise, we
00:40:39 - did not add that subnets keyword, the other direction. So the
00:40:44 - OSPF router rejected the EIGRP summarized up because it said
00:40:47 - again, you are conflicting with a lot of my subnet masks coming
00:40:52 - in. EIGRP routes were not seen and so that resolves at least
00:40:57 - the one server connectivity issue. The Internet connectivity
00:41:01 - though was an interesting one because, again, just looking at
00:41:05 - the neighbor relationships forming, they shouldn't have been
00:41:07 - that way and there were mysterious IP addresses. But once we
00:41:10 - diagrammed it all out, we saw that the CSW switches were using
00:41:15 - different timers than
00:41:20 - the IRO routers. So, once we adjusted the timer, everybody formed
00:41:23 - a nice happy family relationship and our Internet access was
00:41:26 - restored. Now, I am wondering... I am wondering if this is gonna
00:41:30 - bleed through some of our other tickets because I know some of
00:41:34 - the other tickets were, you know, I can't access the internet
00:41:36 - and things like that. But we'll see. We may have solved other
00:41:39 - problems, just at the get go. But we'll pick that up in the next
00:41:43 - Nuggets. For now, I hope this has been informative for you and
00:41:45 - I want to thank you for viewing.