Re: ospf strange problem !!!
From: Israel Gonzalez (israelgq@gmail.com)
Date: Tue Aug 15 2006 - 19:18:18 ART
Hi Sadia,
If there is not a MTU related problem, try disabling the lls capability
under the OSPF process on your cisco router by doing this
router ospf X
no capability lls.
Hope that works!
On 8/15/06, Elias Chari <elias.chari@gmail.com> wrote:
>
> Two major Service Providers I have worked for have chosen the Netscreen
> over
> the PIX (plus other vendors products) for their production
> network, following extensive tests, in which the Netscreen outperformed
> the
> PIX in most areas.
>
> Personally I would chose the Nokia Checkpoint for Corporate deployment and
> the Netsceen for production environments where high performance and the
> concept of Virtual Systems and Virtual Routers are required.
>
> Rgds
> elias
>
>
> On 8/15/06, sadia habib <cutesadia12@hotmail.com> wrote:
> >
> > well i was not expecting that bogus answer from you!!! come on dont deny
> > the
> > netscreen value compare to pix!! reality is pix is good only to test in
> > CCIE security LAb !!! no comments !
> >
> > >From: "Brian Dennis" <bdennis@internetworkexpert.com>
> > >To: "sadia habib" < cutesadia12@hotmail.com>
> > >CC: <ccielab@groupstudy.com>
> > >Subject: RE: ospf strange problem !!!
> > >Date: Tue, 15 Aug 2006 17:19:09 -0400
> > >
> > >Follow these 4 easy steps to fix your issue:
> > >
> > >1) Unplug the Netscreen's power
> > >2) Take the Netscreen out of the rack
> > >3) Walk over to the nearest trashcan and throw the Netscreen in (see
> note
> > >below)
> > >4) Call your local Cisco SE and get them to send you a Cisco PIX
> firewall
> >
> > >
> > >Note: Your trashcan may already be full of other Juniper products along
> > >with some Juniper stock so you may need to look for an empty trash can
> > >
> > >HTH,
> > >
> > >Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
> > >bdennis@internetworkexpert.com
> > >
> > >Internetwork Expert, Inc.
> > >http://www.InternetworkExpert.com <http://www.internetworkexpert.com/>
> > >Toll Free: 877-224-8987
> > >Direct: 775-745-6404 (Outside the US and Canada)
> > >
> > >
> > >-----Original Message-----
> > >From: nobody@groupstudy.com [mailto: nobody@groupstudy.com] On Behalf
> Of
> > >sadia habib
> > >Sent: Tuesday, August 15, 2006 1:19 PM
> > >To: juniper-nsp@puck.nether.net
> > >Cc: ccielab@groupstudy.com
> > >Subject: ospf strange problem !!!
> > >
> > >DEAR ALL
> > >
> > >I am trying to configure ospf between router and netscreen I am facing
> > >little problem!! while its remain in init state for ospf !! can any
> body
> >
> > >help me ?
> > >
> > >i am copying the config
> > >
> > >
> > >
> > >
> > >set protocol ospf
> > >set enable
> > >set area 0.0.0.144
> > >set auth-server "Local" id 0
> > >set auth-server "Local" server-name "Local"
> > >set auth default auth server "Local"
> > >set admin http redirect
> > >set admin auth timeout 10
> > >set admin auth server "Local"
> > >set admin format dos
> > >set zone "Trust" vrouter "trust-vr"
> > >set zone "Untrust" vrouter "trust-vr"
> > >set zone "DMZ" vrouter "trust-vr"
> > >set zone "VLAN" vrouter "trust-vr"
> > >set zone "Trust" tcp-rst
> > >set zone "Untrust" block
> > >unset zone "Untrust" tcp-rst
> > >set zone "MGT" block
> > >set zone "DMZ" tcp-rst
> > >set zone "VLAN" block
> > >set zone "VLAN" tcp-rst
> > >unset zone "Untrust" screen tear-drop
> > >unset zone "Untrust" screen syn-flood
> > >unset zone "Untrust" screen ping-death
> > >unset zone "Untrust" screen ip-filter-src unset zone "Untrust" screen
> > land
> > >set zone "V1-Untrust" screen tear-drop set zone "V1-Untrust" screen
> > >syn-flood set zone "V1-Untrust" screen ping-death set zone "V1-Untrust"
> > >screen ip-filter-src set zone "V1-Untrust" screen land set interface
> > >"ethernet0/0" zone "Trust"
> > >set interface "ethernet0/1" zone "DMZ"
> > >set interface "ethernet0/2" zone "Untrust"
> > >unset interface vlan1 ip
> > >set interface ethernet0/0 ip
> > >set interface ethernet0/0 route
> > >set interface ethernet0/2 ip
> > >set interface ethernet0/2 route
> > >unset interface vlan1 bypass-others-ipsec unset interface vlan1
> > >bypass-non-ip set interface ethernet0/0 manage-ip set interface
> > ethernet0/2
> > >manage-ip set interface ethernet0/0 ip manageable set interface
> > ethernet0/2
> > >ip manageable unset interface ethernet0/0 manage telnet unset interface
> > >ethernet0/0 manage snmp set interface ethernet0/0 manage mtrace set
> > >interface ethernet0/2 manage ping set interface ethernet0/2 manage ssh
> > set
> > >interface ethernet0/2 manage ssl set interface ethernet0/2 manage web
> set
> > >interface vlan1 manage mtrace unset flow no-tcp-seq-check set flow
> > >tcp-syn-check set hostname DCK set dbuf size 1024 set ike
> respond-bad-spi
> > 1
> > >set nsrp cluster id 1 set nsrp cluster name DCK set nsrp rto-mirror
> sync
> > >set nsrp vsd-group id 0 priority 100 set nsrp vsd-group id 0 preempt
> set
> > >nsrp secondary-path ethernet0/2 set nsrp vsd-group id 0 monitor
> interface
> > >ethernet0/0 set nsrp vsd-group id 0 monitor interface ethernet0/2 set
> > nsrp
> > >ha-link probe set pki authority default scep mode "auto"
> > >set pki x509 default cert-path partial
> > >set url protocol sc-cpa
> > >exit
> > >set nsmgmt bulkcli reboot-timeout 60
> > >set ssh version v2
> > >set ssh enable
> > >set config lock timeout 5
> > >set dl-buf size 4718592
> > >set vrouter "untrust-vr"
> > >set source-routing enable
> > >exit
> > >
> > >set vrouter "trust-vr"
> > >set router-id
> > >set source-routing enable
> > >exit
> > >
> > >set interface ethernet0/0 protocol ospf area 0.0.0.144 set interface
> > >ethernet0/0 protocol ospf enable set interface ethernet0/0 protocol
> ospf
> > >priority 0 set interface ethernet0/0 protocol ospf cost 1 set vrouter
> > >"untrust-vr"
> > >exit
> > >set vrouter "trust-vr"
> > >exit
> > >
> > >
> > >
> > >
> > >## 15:54:09 : ospf: send hello pkt on ethernet0/0 len 44 ## 15:54:09 :
> > >ospf: process rx pak len 44 from 10.32.124.100 on ethernet0/0 in vr
> > >trust-vr router-id 10.32.124.100 ## 15:54:11 : ospf: process rx pak len
> > 60
> > >from 10.32.124.20 on ethernet0/0 in vr trust-vr router-id 10.32.134.10##
> > >15:54:11 : ospf: recv pkt on ethernet0/0, 10.32.124.20->224.0.0.5 ##
> > >15:54:11 : ospf: invalid IP pak len 80, should be (ospf 48 + lls 3072 +
> > IP
> > >20) ## 15:54:19 : ospf: send hello dr 0.0.0.0 bdr 0.0.0.0 active
> > neighbors:
> > >## 15:54:19 : ospf: send hello pkt on ethernet0/0 len 44 ## 15:54:19 :
> > >ospf: process rx pak len 44 from 10.32.144.10 on ethernet0/0 in vr
> > trust-vr
> > >router-id 10.32.134.20 ## 15:54:21 : ospf: process rx pak len 60 from
> > >10.90.10.1on ethernet0/0 in vr trust-vr router-id 10.132.134.10 ##
> > 15:54:21
> > >: ospf: recv pkt on ethernet0/0, 10.90.10.1->224.0.0.5 ## 15:54:21 :
> > ospf:
> > >invalid IP pak len 80, should be (ospf 48 + lls 3072 + IP 20) ##
> 15:54:29
> > :
> > >ospf: send hello dr 0.0.0.0 bdr 0.0.0.0 active neighbors:
> > >## 15:54:29 : ospf: send hello pkt on ethernet0/0 len 44 ## 15:54:29 :
> > >ospf: process rx pak len 44 from 10.32.144.10 on ethernet0/0 in vr
> > trust-vr
> > >router-id 10.32.144.10 ## 15:54:31 : ospf: process rx pak len 60 from
> > >10.90.10.1on ethernet0/0 in vr trust-vr router-id 10.32.144.10 ##
> > 15:54:31
> > >: ospf: recv pkt on ethernet0/0, 10.132.14.2->224.0.0.5 ## 15:54:31 :
> > ospf:
> > >invalid IP pak len 80, should be (ospf 48 + lls 3072 + IP 20) ##
> 15:54:39
> > :
> > >ospf: send hello dr 0.0.0.0 bdr 0.0.0.0 active neighbors:
> > >## 15:54:39 : ospf: send hello pkt on ethernet0/0 len 44 ## 15:54:39 :
> > >ospf: process rx pak len 44 from 10.102.12.1 on ethernet0/0 in vr
> > trust-vr
> > >router-id 10.32.144.10 ## 15:54:41 : ospf: process rx pak len 60 from
> > >10.90.10.1on ethernet0/0 in vr trust-vr router-id 10.32.144.10 ##
> > 15:54:41
> > >: ospf: recv pkt on ethernet0/0, 10.132.124.2->224.0.0.5 ## 15:54:41 :
> > >ospf: invalid IP pak len 80, should be (ospf 48 + lls 3072 + IP 20) ##
> > >15:54:49 : ospf: send hello dr 0.0.0.0 bdr 0.0.0.0 active neighbors:
> > >## 15:54:49 : ospf: send hello pkt on ethernet0/0 len 44 ## 15:54:49 :
> > >ospf: process rx pak len 44 from 10.132.124.10 on ethernet0/0 in vr
> > >trust-vr router-id 10.32.144.10 ## 15:54:51 : ospf: process rx pak len
> 60
> >
> > >from 10.90.10.1on ethernet0/0 in vr trust-vr router-id 10.132.142.10 ##
> > >15:54:51 : ospf: recv pkt on ethernet0/0, 10.2.114.2->224.0.0.5 ##
> > 15:54:51
> > >: ospf: invalid IP pak len 80, should be (ospf 48 + lls 3072 + IP 20)
> > >
> > >_________________________________________________________________
> > >On the road to retirement? Check out MSN Life Events for advice on how
> to
> >
> > >get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
> > >
> > >_______________________________________________________________________
> > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
> >
> > _________________________________________________________________
> > Don�t just search. Find. Check out the new MSN Search!
> > http://search.msn.click-url.com/go/onm00200636ave/direct/01/
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4
: Fri Sep 01 2006 - 15:41:57 ART