Saturday, May 3, 2014

Troubleshooting JUNOS OSPF neighbor issue

Miss-match OSPF password

Wrong password, for troubleshooting wrong password it can only check for plain text password. For md5 encrypted password no way to check correct password by using monitor interface

The command that you can use to look into the packet is by using "monitor interface traffic"
run monitor traffic interface em1 size 1500 no-resolve detail  matching "ip proto ospf".

example of monitor interface traffic at router1

01:39:51.313067  In IP (tos 0xc0, ttl   1, id 32829, offset 0, flags [none], proto: OSPF (89), length: 64) 172.16.0.2 > 224.0.0.5: OSPFv2, Hello, length 44
        Router-ID 10.0.0.2, Backbone Area, Authentication Type: simple (1)
        Simple text password: ospfpass
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.252, Priority 128
          Designated Router 172.16.0.2
01:39:53.669576 Out IP (tos 0xc0, ttl   1, id 31922, offset 0, flags [none], proto: OSPF (89), length: 64) 172.16.0.1 > 224.0.0.5: OSPFv2, Hello, length 44
        Router-ID 10.0.0.1, Backbone Area, Authentication Type: simple (1)
        Simple text password: ospfsecret
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.252, Priority 128

In this example you see that "In IP" which is packet from router2(172.16.0.2) to multicast address 224.0.0.5(all router) with the simple text password of ospfpass, while router1 is sending password of ospfsecret as a password.


Miss-match OSPF area

This is sample output for miss-match OSPF area, router1 configured as an area 1 while router2 configured as backbone area(area 0)

01:54:17.550376 Out IP (tos 0xc0, ttl   1, id 32045, offset 0, flags [none], proto: OSPF (89), length: 64) 172.16.0.1 > 224.0.0.5: OSPFv2, Hello, length 44
        Router-ID 10.0.0.1, Area 0.0.0.1, Authentication Type: simple (1)
        Simple text password: ospfpass
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.252, Priority 128
01:54:20.187402  In IP (tos 0xc0, ttl   1, id 32947, offset 0, flags [none], proto: OSPF (89), length: 68) 172.16.0.2 > 224.0.0.5: OSPFv2, Hello, length 48
        Router-ID 10.0.0.2, Backbone Area, Authentication Type: simple (1)
        Simple text password: ospfpass
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.252, Priority 128
          Designated Router 172.16.0.2, Backup Designated Router 172.16.0.1
          Neighbor List:
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)