Problem and solution when the OSPF status is abnormal

0

To solve the problem that the OSPF status between the firewall and the peer device cannot reach the Full state, perform the following steps:

1. Check the OSPF status.
Check whether the OSPF neighboring relationship can be established between the firewall and the peer device.

2. If no, check the security policy configuration.
Check whether the security policy control function for unicast packets is enabled. That is, check whether the firewall packet-filter basic-protocol enable command is configured. If yes, run the undo firewall packet-filter basic-protocol enable command to disable the function.

To establish an OSPF neighboring relationship, devices need to exchange DD packets. DD packets are OSPF unicast packets. By default, the forwarding of OSPF unicast packets is not controlled by security policies. However, if you run the firewall packet-filter basic-protocol enable command to enable the security policy control function for OSPF unicast packets, you need also to configure the corresponding security policy to allow the packets to be forwarded.

For details, see OSPF can not step into full state caused by security policy deny.

Other related questions:
Locating the fault when the MSTP status of a WLAN device is abnormal
When the MSTP status of a WLAN device is abnormal, perform the following operations to locate the fault: 1. Check whether configurations on each interface of the device are correct. The configurations of interfaces in the same MST domain must be the same. 2. Run the debugging stp [ interface interface-type interface-number ] packet { all | send | receive } command to check whether each interface properly sends and receives STP packets. 3. If the fault persists, collect log, alarm, and debugging information, and contact Huawei technical personnel.

Problem and solution when an OSPF route filtering policy does not take effect
The reason that an OSPF route filtering policy does not take effect is as follows: For example: User ---------- MA5200F ---------- Firewall---------- NE80 ---------- Internet Open Shortest Path First (OSPF) is run on three devices, and the firewall acts as the NAT device. The NE80E cannot learn routes to private network segments. Firewall configurations are as follows: acl number 2999 rule 5 deny source 10.0.0.0 0.255.255.255 /*Filtered private network segments*/ rule 10 deny source 192.168.0.0 0.0.255.255 /*Filtered private network segments*/ rule 15 permit ospf 1 filter-policy export 2999 area 0.0.0.0 network 218.206.107.220 0.0.0.3 The routing table of the NE80 still has routes to private network segments. [JSNJ-MB-CMNET-RT01-HJL_NE80]display ip routing-table 10.33.16.192 Destination/Mask Protocol Pre Cost Nexthop Interface 10.33.16.192/26 O_ASE 50 1 218.206.97.234 Ethernet5/0/13 0.0.0.0/0 STATIC 40 0 218.206.97.109 GigabitEthernet1/0/ The route policy in the OSPF view of the firewall that uses the VRP3.30 platform takes effect only for local routes, not the LSA transmitted by the firewall to the NE80. In conclusion, because OSPF is a dynamic routing protocol based on link status and routing information is expressed through link status, OSPF cannot filter advertised or received LSAs. The filter-policy import command filters the routes calculated by OSPF. Only routes that match the filtering conditions are added to the routing table. The filter-policy export command enables a device to filter routes advertised by the device. Only routes that match the filtering conditions can be advertised.

The status of the U1980 MRS board is abnormal.
1. Check whether the network segment of the MRS board is 168.168.0.10. 2. Run the show inner network command on the main control board to query the network segment of the board. 3. If the network segment of the MRS board is inconsistent with the internal network segment of the main control board, run the config inner network ip XXXX command to change the network segment of the MRS board to 168***, and then restart the U1900.

Solution when a RAID group is abnormal
Check the event information on ISM and determine the reason why the RAID group is degraded due to disk failures. Bit error isolation Note: Check whether there are events indicating excessive bit errors related to the disk. If yes, the disk may be isolated due to excessive bit errors. Troubleshooting: Analyze the SES log and determine why there are excessive bit errors. Disk fault Note: The disk fault cannot be rectified. As a result, accessing the disk fails and disk rejection occurs. Troubleshooting: Replace the faulty disk. Disk enclosures are offline. Note: If a RAID group consists of disks from different enclosures and disk enclosures are offline, the RAID group will be degraded or fail. Recommended action: Check whether the disk enclosures are offline.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top