From: Sreeram (sreeram@paradise.net.nz)
Date: Tue Aug 15 2006 - 18:37:00 ART
Looks like MTU value (in OSPF packet) mismatch between Netscreen and the router.
Quoting sadia habib <cutesadia12@hotmail.com>:
> DEAR ALL
>
> I am trying to configure ospf between router and netscreen I am facing
> little problem!! while its remain in init state for ospf !! can any body
>
> help me ?
>
> i am copying the config
>
>
>
>
> set protocol ospf
> set enable
> set area 0.0.0.144
> set auth-server "Local" id 0
> set auth-server "Local" server-name "Local"
> set auth default auth server "Local"
> set admin http redirect
> set admin auth timeout 10
> set admin auth server "Local"
> set admin format dos
> set zone "Trust" vrouter "trust-vr"
> set zone "Untrust" vrouter "trust-vr"
> set zone "DMZ" vrouter "trust-vr"
> set zone "VLAN" vrouter "trust-vr"
> set zone "Trust" tcp-rst
> set zone "Untrust" block
> unset zone "Untrust" tcp-rst
> set zone "MGT" block
> set zone "DMZ" tcp-rst
> set zone "VLAN" block
> set zone "VLAN" tcp-rst
> unset zone "Untrust" screen tear-drop
> unset zone "Untrust" screen syn-flood
> unset zone "Untrust" screen ping-death
> unset zone "Untrust" screen ip-filter-src
> unset zone "Untrust" screen land
> set zone "V1-Untrust" screen tear-drop
> set zone "V1-Untrust" screen syn-flood
> set zone "V1-Untrust" screen ping-death
> set zone "V1-Untrust" screen ip-filter-src
> set zone "V1-Untrust" screen land
> set interface "ethernet0/0" zone "Trust"
> set interface "ethernet0/1" zone "DMZ"
> set interface "ethernet0/2" zone "Untrust"
> unset interface vlan1 ip
> set interface ethernet0/0 ip
> set interface ethernet0/0 route
> set interface ethernet0/2 ip
> set interface ethernet0/2 route
> unset interface vlan1 bypass-others-ipsec
> unset interface vlan1 bypass-non-ip
> set interface ethernet0/0 manage-ip
> set interface ethernet0/2 manage-ip
> set interface ethernet0/0 ip manageable
> set interface ethernet0/2 ip manageable
> unset interface ethernet0/0 manage telnet
> unset interface ethernet0/0 manage snmp
> set interface ethernet0/0 manage mtrace
> set interface ethernet0/2 manage ping
> set interface ethernet0/2 manage ssh
> set interface ethernet0/2 manage ssl
> set interface ethernet0/2 manage web
> set interface vlan1 manage mtrace
> unset flow no-tcp-seq-check
> set flow tcp-syn-check
> set hostname DCK
> set dbuf size 1024
> set ike respond-bad-spi 1
> set nsrp cluster id 1
> set nsrp cluster name DCK
> set nsrp rto-mirror sync
> set nsrp vsd-group id 0 priority 100
> set nsrp vsd-group id 0 preempt
> set nsrp secondary-path ethernet0/2
> set nsrp vsd-group id 0 monitor interface ethernet0/0
> set nsrp vsd-group id 0 monitor interface ethernet0/2
> set nsrp ha-link probe
> set pki authority default scep mode "auto"
> set pki x509 default cert-path partial
> set url protocol sc-cpa
> exit
> set nsmgmt bulkcli reboot-timeout 60
> set ssh version v2
> set ssh enable
> set config lock timeout 5
> set dl-buf size 4718592
> set vrouter "untrust-vr"
> set source-routing enable
> exit
>
> set vrouter "trust-vr"
> set router-id
> set source-routing enable
> exit
>
> set interface ethernet0/0 protocol ospf area 0.0.0.144
> set interface ethernet0/0 protocol ospf enable
> set interface ethernet0/0 protocol ospf priority 0
> set interface ethernet0/0 protocol ospf cost 1
> set vrouter "untrust-vr"
> exit
> set vrouter "trust-vr"
> exit
>
>
>
>
> ## 15:54:09 : ospf: send hello pkt on ethernet0/0 len 44
> ## 15:54:09 : ospf: process rx pak len 44 from 10.32.124.100 on
> ethernet0/0
> in vr trust-vr router-id 10.32.124.100
> ## 15:54:11 : ospf: process rx pak len 60 from 10.32.124.20 on
> ethernet0/0
> in vr trust-vr router-id 10.32.134.10
> ## 15:54:11 : ospf: recv pkt on ethernet0/0, 10.32.124.20->224.0.0.5
> ## 15:54:11 : ospf: invalid IP pak len 80, should be (ospf 48 + lls 3072
> +
> IP 20)
> ## 15:54:19 : ospf: send hello dr 0.0.0.0 bdr 0.0.0.0 active neighbors:
> ## 15:54:19 : ospf: send hello pkt on ethernet0/0 len 44
> ## 15:54:19 : ospf: process rx pak len 44 from 10.32.144.10 on
> ethernet0/0
> in vr trust-vr router-id 10.32.134.20
> ## 15:54:21 : ospf: process rx pak len 60 from 10.90.10.1on ethernet0/0
> in
> vr trust-vr router-id 10.132.134.10
> ## 15:54:21 : ospf: recv pkt on ethernet0/0, 10.90.10.1->224.0.0.5
> ## 15:54:21 : ospf: invalid IP pak len 80, should be (ospf 48 + lls 3072
> +
> IP 20)
> ## 15:54:29 : ospf: send hello dr 0.0.0.0 bdr 0.0.0.0 active neighbors:
> ## 15:54:29 : ospf: send hello pkt on ethernet0/0 len 44
> ## 15:54:29 : ospf: process rx pak len 44 from 10.32.144.10 on
> ethernet0/0
> in vr trust-vr router-id 10.32.144.10
> ## 15:54:31 : ospf: process rx pak len 60 from 10.90.10.1on ethernet0/0
> in
> vr trust-vr router-id 10.32.144.10
> ## 15:54:31 : ospf: recv pkt on ethernet0/0, 10.132.14.2->224.0.0.5
> ## 15:54:31 : ospf: invalid IP pak len 80, should be (ospf 48 + lls 3072
> +
> IP 20)
> ## 15:54:39 : ospf: send hello dr 0.0.0.0 bdr 0.0.0.0 active neighbors:
> ## 15:54:39 : ospf: send hello pkt on ethernet0/0 len 44
> ## 15:54:39 : ospf: process rx pak len 44 from 10.102.12.1 on
> ethernet0/0 in
> vr trust-vr router-id 10.32.144.10
> ## 15:54:41 : ospf: process rx pak len 60 from 10.90.10.1on ethernet0/0
> in
> vr trust-vr router-id 10.32.144.10
> ## 15:54:41 : ospf: recv pkt on ethernet0/0, 10.132.124.2->224.0.0.5
> ## 15:54:41 : ospf: invalid IP pak len 80, should be (ospf 48 + lls 3072
> +
> IP 20)
> ## 15:54:49 : ospf: send hello dr 0.0.0.0 bdr 0.0.0.0 active neighbors:
> ## 15:54:49 : ospf: send hello pkt on ethernet0/0 len 44
> ## 15:54:49 : ospf: process rx pak len 44 from 10.132.124.10 on
> ethernet0/0
> in vr trust-vr router-id 10.32.144.10
> ## 15:54:51 : ospf: process rx pak len 60 from 10.90.10.1on ethernet0/0
> in
> vr trust-vr router-id 10.132.142.10
> ## 15:54:51 : ospf: recv pkt on ethernet0/0, 10.2.114.2->224.0.0.5
> ## 15:54:51 : ospf: invalid IP pak len 80, should be (ospf 48 + lls 3072
> +
> IP 20)
>
> _________________________________________________________________
> On the road to retirement? Check out MSN Life Events for advice on how
> to
> get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:57 ART