OSPF Problem

OSPF Problem

OSPF Problem


So we have a Cisco 9300-24P that is not behaving as we would expect it to. There is OSPF on 3 VRFs, and two of them send all the routs through to the DEFAULT VRF. The problem, is that DEFAUNT VRF doesn't show the routes in show ip route ospf. It appears to be in the DB as a type 7, but is not in use. I am not the best when it comes to OSPF and I have tried looking at a few things but I can't seem to figure out why is isn't showing up. It sees the neighbor properly and says it is synced. I'm not sure where to go from here and I am hoping you can help.

version 16.12 no service pad service timestamps debug datetime msec show-timezone service timestamps log datetime msec service call-home no platform punt-keepalive disable-kernel-core hostname Random-Name vrf definition DISTRICT description DISTRICT rd 666:666 address-family ipv4 exit-address-family vrf definition LS-FW_BRIDGE description BRIDGE BETWEEN CONTENT FILTER AND FIREWALL rd 500:500 address-family ipv4 exit-address-family vrf definition Mgmt-vrf address-family ipv4 exit-address-family address-family ipv6 exit-address-family logging buffered 64000 logging console informational enable secret aaa new-model aaa group server radius rad1 ip vrf forwarding Mgmt-vrf ip radius source-interface GigabitEthernet0/0 aaa authentication login default group radius local aaa authentication enable default enable aaa accounting exec default aaa accounting commands 15 default aaa accounting connection default aaa session-id common clock timezone EST -5 0 switch 1 provision c9300-24ux call-home If contact email address in call-home is configured as sch-smart-licensing@cisco.com the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications. contact-email-addr sch-smart-licensing@cisco.com profile CiscoTAC-1 active destination transport-method http no destination transport-method email ip routing ip name-server 8.8.8.8 no ip domain lookup ip domain name contoso.com login on-success log no device-tracking logging theft clns routing crypto pki trustpoint TP-self-signed-1401024416 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1401024416 revocation-check none rsakeypair TP-self-signed-1401024416 crypto pki trustpoint SLA-TrustPoint enrollment pkcs12 revocation-check crl crypto pki certificate chain TP-self-signed-1401024416 certificate self-signed 01 3 quit crypto pki certificate chain SLA-TrustPoint certificate ca 01 3 quit system mtu 9000 license boot level network-advantage addon dna-advantage diagnostic bootup level minimal spanning-tree mode rapid-pvst spanning-tree extend system-id archive log config record rc logging enable logging size 1000 notify syslog contenttype plaintext hidekeys path flash:/backed.up.configs/$h.cfg maximum 14 write-memory memory free low-watermark processor 134384 redundancy mode sso transceiver type all monitoring vlan dot1q tag native vlan 1096 name Core_Ext vlan 1400 name FW_INSIDE vlan 1500 name DISTRICT_CORE class-map match-any system-cpp-police-ewlc-control description EWLC Control class-map match-any system-cpp-police-topology-control description Topology control class-map match-any system-cpp-police-sw-forward description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic class-map match-any system-cpp-default description EWLC Data, Inter FED Traffic class-map match-any system-cpp-police-sys-data description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed class-map match-any system-cpp-police-punt-webauth description Punt Webauth class-map match-any system-cpp-police-l2lvx-control description L2 LVX control packets class-map match-any system-cpp-police-forus description Forus Address resolution and Forus traffic class-map match-any system-cpp-police-multicast-end-station description MCAST END STATION class-map match-any system-cpp-police-high-rate-app description High Rate Applications class-map match-any system-cpp-police-multicast description MCAST Data class-map match-any system-cpp-police-l2-control description L2 control class-map match-any system-cpp-police-dot1x-auth description DOT1X Auth class-map match-any system-cpp-police-data description ICMP redirect, ICMP_GEN and BROADCAST class-map match-any system-cpp-police-stackwise-virt-control description Stackwise Virtual OOB class-map match-any non-client-nrt-class class-map match-any system-cpp-police-routing-control description Routing control and Low Latency class-map match-any system-cpp-police-protocol-snooping description Protocol snooping class-map match-any system-cpp-police-dhcp-snooping description DHCP snooping class-map match-any system-cpp-police-ios-routing description L2 control, Topology control, Routing control, Low Latency class-map match-any system-cpp-police-system-critical description System Critical and Gold Pkt class-map match-any system-cpp-police-ios-feature description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed policy-map system-cpp-policy interface Port-channel1 description DISTRICT_CORE_LACP switchport trunk allowed vlan 2307,1500 switchport mode trunk storm-control broadcast level 10.00 storm-control unicast level 10.00 interface GigabitEthernet0/0 vrf forwarding Mgmt-vrf ip address dhcp negotiation auto interface GigabitEthernet1/0/1 description ISP_UPLINK switchport trunk allowed vlan 1096 switchport mode trunk interface GigabitEthernet1/0/2 description DL_NETWORK shutdown interface GigabitEthernet1/0/3 description FIREWALL_OUTSIDE no switchport vrf forwarding LS-FW_BRIDGE ip address 10.230.96.145 255.255.255.248 interface GigabitEthernet1/0/4 description DISTRICT_QnQ shutdown interface GigabitEthernet1/0/5 description FIREWALL_INSIDE switchport trunk allowed vlan 2306,1400 switchport mode trunk interface GigabitEthernet1/0/6 description shutdown interface GigabitEthernet1/0/7 description DISTRICT_CORE_1 switchport trunk allowed vlan 2307,1500 switchport mode trunk storm-control broadcast level 10.00 storm-control unicast level 10.00 channel-group 1 mode active interface GigabitEthernet1/0/8 description DISTRICT_CORE_2 switchport trunk allowed vlan 2307,1500 switchport mode trunk storm-control broadcast level 10.00 storm-control unicast level 10.00 channel-group 1 mode active interface GigabitEthernet1/0/9 shutdown interface GigabitEthernet1/0/10 description FIREWALL_MGMT switchport access vlan 1096 interface GigabitEthernet1/0/11 description UPS switchport access vlan 1096 interface GigabitEthernet1/0/12 description RELAY_ROCKET/KVM switchport access vlan 3500 interface GigabitEthernet1/0/13 description LIGHTSPEED_OUTSIDE no switchport ip address 10.230.96.162 255.255.255.248 interface GigabitEthernet1/0/14 description LIGHTSPEED_MGMT switchport access vlan 3500 interface GigabitEthernet1/0/15 description LIGHTPSEED_INSIDE no switchport vrf forwarding LS-FW_BRIDGE ip address 10.230.96.163 255.255.255.248 interface GigabitEthernet1/0/16 description LIGHTSPEED_PROXY_MGMT switchport access vlan 0 interface GigabitEthernet1/0/17 description shutdown interface GigabitEthernet1/0/18 description shutdown interface GigabitEthernet1/0/19 description shutdown interface GigabitEthernet1/0/20 description shutdown interface GigabitEthernet1/0/21 description shutdown interface GigabitEthernet1/0/22 description shutdown interface GigabitEthernet1/0/23 description shutdown interface GigabitEthernet1/0/24 description shutdown interface TenGigabitEthernet1/1/1 description ISP_UPLINK switchport trunk allowed vlan 1096 switchport mode trunk interface TenGigabitEthernet1/1/2 description DL_NETWORK shutdown interface TenGigabitEthernet1/1/3 description FIREWALL_OUTSIDE no switchport vrf forwarding LS-FW_BRIDGE ip address 10.230.96.145 255.255.255.248 interface TenGigabitEthernet1/1/4 description DISTRICT_QnQ shutdown interface TenGigabitEthernet1/1/5 description FIREWALL_INSIDE switchport trunk allowed vlan 2306,1400 switchport mode trunk interface TenGigabitEthernet1/1/6 description shutdown interface TenGigabitEthernet1/1/7 description DISTRICT_CORE_1 switchport trunk allowed vlan 2307,1500 switchport mode trunk storm-control broadcast level 10.00 storm-control unicast level 10.00 channel-group 1 mode active interface TenGigabitEthernet1/1/8 description DISTRICT_CORE_2 switchport trunk allowed vlan 2307,1500 switchport mode trunk storm-control broadcast level 10.00 storm-control unicast level 10.00 channel-group 1 mode active interface Vlan1 no ip address shutdown interface vlan1400 vrf forwarding DISTRICT ip address 10.230.96.155 255.255.255.248 description FW_INSIDE interface vlan1500 vrf forwarding DISTRICT ip address 10.230.96.170 255.255.255.248 description DISTRICT_CORE interface vlan1096 ip address 10.230.96.4 255.255.255.128 description NEW_CORE_MGMT ip mtu 8986 interface vlan3500 ip address 10.230.96.155 255.255.255.248 description Lightspeed_Management router ospf 500 vrf LS-FW_BRIDGE area 1096 nssa redistribute connected redistribute static network 10.230.96.144 0.0.0.7 area 1096 network 10.230.96.160 0.0.0.7 area 1096 bfd all-interfaces router ospf 666 vrf DISTRICT area 1096 nssa redistribute connected redistribute static network 10.230.96.152 0.0.0.7 area 1096 bfd all-interfaces router ospf 15 router-id 10.230.96.4 area 1096 nssa redistribute connected redistribute static network 10.230.96.0 0.0.0.127 area 1096 network 10.230.96.160 0.0.0.7 area 1096 bfd all-interfaces ip forward-protocol nd ip http server ip http authentication local ip http secure-server ip route 0.0.0.0 0.0.0.0 10.230.96.1 ip route vrf LS-FW_BRIDGE 0.0.0.0 0.0.0.0 10.230.96.162 ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 10.64.128.1 ip route vrf DISTRICT 10.161.0.0 255.255.0.0 10.230.96.171 ip route vrf DISTRICT 10.176.107.0 255.255.255.0 10.230.96.171 ip route vrf DISTRICT 10.177.248.0 255.255.255.0 10.230.96.171 ip route vrf DISTRICT 172.18.2.0 255.255.255.0 10.230.96.171 ip route vrf DISTRICT 172.18.3.0 255.255.255.0 10.230.96.171 ip route vrf DISTRICT 172.18.4.0 255.255.255.0 10.230.96.171 ip route vrf DISTRICT 172.18.156.0 255.255.252.0 10.230.96.171 ip route vrf DISTRICT 172.23.181.0 255.255.255.0 10.230.96.171 ip route vrf DISTRICT 172.23.182.0 255.255.254.0 10.230.96.171 ip route vrf DISTRICT 192.168.57.0 255.255.255.0 10.230.96.171 ip route vrf DISTRICT 192.168.58.0 255.255.255.0 10.230.96.171 ip route vrf DISTRICT 10.168.192.0 255.255.192.0 10.254.255.102 ip route vrf DISTRICT 10.169.0.0 255.255.224.0 10.254.255.102 ip route vrf DISTRICT 10.170.0.0 255.254.0.0 10.254.255.102 ip route vrf DISTRICT 10.172.0.0 255.252.0.0 10.254.255.102 ip route vrf DISTRICT 192.30.126.0 255.255.254.0 10.254.255.102 ip route vrf DISTRICT 172.25.168.0 255.255.255.248 10.230.96.153 ip route vrf DISTRICT 0.0.0.0 0.0.0.0 10.230.96.153 ip ssh maxstartups 32 ip ssh version 2 radius server rad1 address ipv4 10.224.5.200 auth-port 1812 acct-port 1813 non-standard key Stuff control-plane service-policy input system-cpp-policy banner login ^CC Access to this device is limited to authorized users only. WARNING: ALL unauthorized access is prohibited. ^C line con 0 stopbits 1 line vty 0 4 exec-timeout 0 0 privilege level 15 logging synchronous transport input ssh transport output telnet ssh line vty 5 15 exec-timeout 0 0 privilege level 15 logging synchronous transport input ssh transport output ssh end 

Here is the greatest artistic rendition of how things are set up. We have also tried removing the one VRF entirely and the problem remains.

submitted by /u/williamfny
[comments]

Leave a Reply

Your email address will not be published. Required fields are marked *