From: Ademola Osindero (osindero@xxxxxxxxxxxxxxxxx)
Date: Tue Nov 06 2001 - 05:15:26 GMT-3
Omer,
I have not tried this suggestion but this was what I learned from a
practice lab
Create an access-list that defines interesting traffic using
access-list 101 deny ip any 255.255.255.255 0.0.0.0
access-list 101 deny ip any 224.0.0.0 0.0.0.255
access-list 101 permit ip any any
Don't explicitly permit ospf packets, but just permit ip after denying
224.0.0.0 traffic.
Hope this works
Ademola
At 09:57 AM 11/6/2001 +0200, Ben-Shalom, Omer wrote:
>I know this is one of the most discussed issues in the past and I read
>through about 300 letter on this BUT
>
>The previous responses are sometimes conflicting and I don't see any
>solution for my problem.
>
>(for people who want to go straight to the real question look below at the
>!!!! line)
>to sum:
>
>I have 2 routers running only OSPF, they are connected via ISDN with dialer
>interfaces.
>
>The ISDN line keeps coming up immediately after it goes down, dial reason is
>sending to 244.0.0.5,
>
>I tried setting one or both sides to be demand circuit, in both cases both
>sides show that it is a demand circuit with show ip ospf interface.
>
>DNA is showing in database, dead time is empty.
>
>Everything looks OK but I always show that the router is sending periodic
>data such as
>4d22h: Di0 DDR: ip (s=150.100.100.1, d=224.0.0.5), 64 bytes
>
>and so on - every 40 seconds, in spite of this the ispf network type is
>point-to-point and show ip ospf int dialer 0 shows:
>
>Dialer0 is up, line protocol is up (spoofing)
> Internet Address 150.100.100.1/24, Area 0
> Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 1785
> Configured as demand circuit.
> Run as demand circuit.
> DoNotAge LSA allowed.
> Transmit Delay is 1 sec, State DOWN,
> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
> Hello due in 00:00:39 (using PollInterval of 40)
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
>so I am at a loss as to why the router is sending hello every 40 seconds
>when it is
>clearly marked as a demand circuit with DoNotAge LSA allowd
>
>Changing the interesting traffic definition brings:
>
>Nov 6 09:35:32: Di0 DDR: ip (s=150.100.100.1, d=224.0.0.5), 64 bytes,
>outgoing uninteresting (list 102)
>Nov 6 09:36:12: Di0 DDR: ip (s=150.100.100.1, d=224.0.0.5), 64 bytes,
>outgoing uninteresting (list 102)
>(again every 40 seconds)
>
>but then the adjacency is going down after a while with the message:
>%OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Dialer0 from FULL to DOWN,
>Neighbor Down: Too many retransmissions on Demand Circuit
>
>Both routers are running 12.1
>
>setting the no peer route option on the interface removes the host route of
>the other end but does not change the situation in any way.
>
>defining demand circuit on one side or both, on dial interface and/or
>physical interface and so on makes no change.
>
>My configuration of one router below (the other is very similar)
>
>Any remarks on what to do to stop this are most welcome, I am really at a
>loss here
>
>Thanks
>
>Omer.
>
>------------- config follows -------------------
>
>version 12.1
>service timestamps debug datetime
>service timestamps log uptime
>no service password-encryption
>!
>hostname 3600-2
>!
>enable password cisco
>!
>username 2500-2 password 0 cisco
>username dspcbc password 0 cisco
>!
>!
>!
>!
>ip subnet-zero
>no ip domain-lookup
>!
>isdn switch-type basic-dms100
>!
>!
>crypto isakmp policy 10
> authentication pre-share
>crypto isakmp key cisco address 150.100.100.2
>!
>!
>crypto ipsec transform-set DSPC ah-md5-hmac esp-des
>!
>crypto map DSPC 10 ipsec-isakmp
> set peer 150.100.100.2
> set transform-set DSPC
> match address 101
>!
>interface Loopback0
> ip address 2.2.2.2 255.255.255.255
>!
>interface Tunnel10
> ip address 150.100.200.1 255.255.255.252
> shutdown
> tunnel source Dialer0
> tunnel destination 150.100.100.2
>!
>interface Serial0/0
> no ip address
> encapsulation frame-relay
> no fair-queue
> serial restart-delay 0
>!
>interface Ethernet1/0
> ip address 170.100.42.241 255.255.255.240
>!
>interface BRI2/0
> no ip address
> encapsulation ppp
> ip ospf demand-circuit
> dialer pool-member 1
> isdn switch-type basic-dms100
> no peer neighbor-route
> ppp authentication chap
> ppp multilink
> crypto map DSPC
>!
>interface Dialer0
> ip address 150.100.100.1 255.255.255.0
> encapsulation ppp
> ip ospf network point-to-point
> ip ospf demand-circuit
> dialer pool 1
> dialer remote-name dspcbc
> dialer string 9039271092
> dialer-group 1
> no peer neighbor-route
> ppp authentication chap
>!
>router ospf 1
> router-id 2.2.2.2
> log-adjacency-changes
> network 2.2.2.2 0.0.0.0 area 0
> network 150.100.100.1 0.0.0.0 area 0
>!
>ip classless
>ip http server
>!
>access-list 101 permit ospf any any
>access-list 101 permit ip any any
>access-list 101 permit igmp any any
>access-list 102 deny ip any host 224.0.0.5
>access-list 102 permit ip any any
>dialer-list 1 protocol ip list 102
>!
This archive was generated by hypermail 2.1.4 : Fri Jun 21 2002 - 06:45:05 GMT-3