1
00:00:00,630 --> 00:00:00,870
Okay.

2
00:00:00,870 --> 00:00:03,300
So let's have a look at the Wireshark capture.

3
00:00:03,690 --> 00:00:06,190
Here's the IP address of one of the routers.

4
00:00:06,210 --> 00:00:09,000
Ten one, three, two, five, one.

5
00:00:09,300 --> 00:00:13,230
And that route is sending a multicast to 224005.

6
00:00:13,260 --> 00:00:19,500
He has the other router ten 132 sending a multicast to the same destination IP address.

7
00:00:20,560 --> 00:00:20,890
Again.

8
00:00:20,890 --> 00:00:23,620
I'm going to go a little bit more in detail here.

9
00:00:23,650 --> 00:00:25,180
Hopefully you'll learn something.

10
00:00:25,390 --> 00:00:26,890
Source Mac addresses this.

11
00:00:26,890 --> 00:00:31,740
That's the destination Mac address for OSPF at layer two.

12
00:00:31,750 --> 00:00:33,700
So this is the layer two frame.

13
00:00:34,090 --> 00:00:43,360
So the vendor portion is 01005e host portion starts with a zero followed by 23 bits taken from the IP

14
00:00:43,360 --> 00:00:43,990
address.

15
00:00:44,470 --> 00:00:51,310
So if you look at these 24 bits first, but are set to zero, then remaining 23 bits is the actual IP

16
00:00:51,310 --> 00:00:51,850
address.

17
00:00:51,850 --> 00:00:53,800
In this case, it works out to be the same.

18
00:00:53,800 --> 00:00:56,350
So 000005.

19
00:00:57,010 --> 00:01:03,820
That is the multicast mac address for the IP version for OSPF multicast address.

20
00:01:04,390 --> 00:01:04,720
Okay.

21
00:01:04,750 --> 00:01:07,630
Type at layer two is zero 800.

22
00:01:07,630 --> 00:01:13,450
That means IP version for so layer three, we see IP version four, source IP address, destination

23
00:01:13,450 --> 00:01:14,470
IP address.

24
00:01:15,670 --> 00:01:23,800
We see information such as DHCP, once again, very important traffic here clause select a six, one

25
00:01:23,800 --> 00:01:30,820
of the highest types of traffic from a quality of service point of view, more important than voice

26
00:01:30,820 --> 00:01:33,760
of IP video or any other type of traffic.

27
00:01:33,760 --> 00:01:35,200
Very important traffic.

28
00:01:36,590 --> 00:01:43,640
Scrolling down now through the Wireshark capture source IP address, destination IP address protocol

29
00:01:43,640 --> 00:01:45,800
at layer three is OSPF.

30
00:01:45,800 --> 00:01:53,060
So in other words, the protocol used at layer four, as we can see here, is OSPF or open shortest

31
00:01:53,060 --> 00:01:53,360
path.

32
00:01:53,360 --> 00:01:56,870
First let's have a look in the header.

33
00:01:57,080 --> 00:01:59,510
It's OSPF version two.

34
00:01:59,510 --> 00:02:00,890
It's a hello packet.

35
00:02:00,920 --> 00:02:04,760
Here is the OSPF router source IP address.

36
00:02:04,760 --> 00:02:07,820
In other words, that's the IP address on this interface.

37
00:02:08,300 --> 00:02:11,150
OSPF area ID is backbone.

38
00:02:11,150 --> 00:02:19,580
So area zero checksum is there password is set to the so we can actually see the password in the advertisement.

39
00:02:19,610 --> 00:02:25,670
I'm going to jump to the other router and see if I can see a problem version is the same.

40
00:02:25,670 --> 00:02:26,900
It's a hello.

41
00:02:27,350 --> 00:02:29,180
First problem is right here.

42
00:02:29,300 --> 00:02:37,490
Notice area id so first router backbone area second router area id is wrong.

43
00:02:37,490 --> 00:02:38,510
That is a problem.

44
00:02:38,870 --> 00:02:45,980
OSPF routers will not form neighbor relationships if the area IDs are incorrect, the area numbers have

45
00:02:45,980 --> 00:02:46,850
to be the same.

46
00:02:47,880 --> 00:02:48,480
Notice.

47
00:02:48,480 --> 00:02:52,560
Also here, passwords are different.

48
00:02:52,920 --> 00:02:57,900
So simple password authentication is used in both cases.

49
00:02:57,900 --> 00:03:03,690
So in case I'm going to quickly notice, this is rather 1251.

50
00:03:03,810 --> 00:03:05,910
Simple password authentication is used.

51
00:03:05,910 --> 00:03:08,760
That is the password he has rather two.

52
00:03:10,000 --> 00:03:14,830
Notice the IP address to five t simple password authentication is used, so that's good.

53
00:03:14,950 --> 00:03:16,650
But notice the password is wrong.

54
00:03:16,660 --> 00:03:21,700
This is uppercase OSPF, whereas the previous one is lowercase OSPF.

55
00:03:21,700 --> 00:03:25,570
Passwords need to match for authentication to succeed.

56
00:03:25,870 --> 00:03:27,550
So that is a problem.

57
00:03:27,940 --> 00:03:35,230
And we have another problem, backbone area versus area one as soon as we see that there's a problem.

58
00:03:35,500 --> 00:03:39,370
So to prove this, what I'll do is fix the network.

59
00:03:40,490 --> 00:03:42,020
So here's rather one.

60
00:03:42,730 --> 00:03:46,420
He has brought it to the let's fix the network and get it working.

61
00:03:47,110 --> 00:03:48,340
So first thing.

62
00:03:48,370 --> 00:03:49,780
Show IP route.

63
00:03:49,810 --> 00:03:52,850
Notice we don't see OSPF routes in the routing table.

64
00:03:52,870 --> 00:03:55,720
That tells us that there's a problem in the network.

65
00:03:56,230 --> 00:04:00,390
On this side we are already seeing a whole bunch of error messages.

66
00:04:00,400 --> 00:04:03,140
Notice mismatched area, backbone area.

67
00:04:03,160 --> 00:04:08,290
So just by looking at the console of the router, we'll be able to see that there's a problem.

68
00:04:09,040 --> 00:04:15,850
Show IP route also shows us that there are no OSPF routes in the routing table and we're getting this

69
00:04:15,850 --> 00:04:17,320
message constantly.

70
00:04:17,860 --> 00:04:20,800
So if we use the command show run pipe.

71
00:04:21,550 --> 00:04:22,600
Section.

72
00:04:22,940 --> 00:04:30,250
OSPF will be able to see the OSPF configuration or copy that and paste that into router one.

73
00:04:31,770 --> 00:04:39,030
So notice here we've got OSPF router OSPF two router OSPF one.

74
00:04:39,030 --> 00:04:40,140
That's fine.

75
00:04:40,140 --> 00:04:42,510
They don't have to use the same process number.

76
00:04:43,290 --> 00:04:49,230
Both Area zero and Area one in this example are using authentication on this route.

77
00:04:49,260 --> 00:04:57,630
On the right hand side, all ten networks are an area one show IP interface brief shows us that the

78
00:04:57,630 --> 00:05:01,230
routers configured with interfaces in the Ten Network.

79
00:05:01,350 --> 00:05:07,470
So if I run that command again show run pipe section OSPF which shows us the OSPF configuration on the

80
00:05:07,470 --> 00:05:07,980
router.

81
00:05:08,730 --> 00:05:17,160
Both these interfaces, gigabit zero zero and gigabit zero one are going to be put into Area one, whereas

82
00:05:17,160 --> 00:05:21,930
on this side, all interfaces are put into Area zero.

83
00:05:22,200 --> 00:05:28,770
Another way to do this is to type show IP, OSPF interface and I'll do a brief because otherwise it's

84
00:05:28,770 --> 00:05:29,850
too much information.

85
00:05:30,360 --> 00:05:31,320
So brief.

86
00:05:31,320 --> 00:05:35,970
Notice this interface gigabit zero one is an area zero.

87
00:05:36,150 --> 00:05:40,020
This interface gigabit is zero zero is an area zero.

88
00:05:40,020 --> 00:05:44,040
Both interfaces on area zero show IP OSPF interface brief.

89
00:05:44,040 --> 00:05:49,020
On this side, both interfaces are in area one.

90
00:05:49,110 --> 00:05:51,510
We can see that clearly over here.

91
00:05:51,750 --> 00:05:56,520
And I mean, it's complaining like crazy the whole time about a mismatch.

92
00:05:56,820 --> 00:06:10,320
So to fix this, what I need to do is remove this command and put the interfaces into area zero.

93
00:06:10,380 --> 00:06:16,080
So I did a copy and paste there, delete that, change this to area zero.

94
00:06:16,380 --> 00:06:24,840
So now show IP OSPF interface brief should show us that both interfaces are in area zero, which they

95
00:06:24,840 --> 00:06:25,290
are.

96
00:06:25,290 --> 00:06:26,280
So that's good.

97
00:06:26,700 --> 00:06:29,460
So we fixed the area issue.

98
00:06:31,260 --> 00:06:32,130
Let's run a short.

99
00:06:32,130 --> 00:06:33,660
Kept you just so we can see that.

100
00:06:33,660 --> 00:06:34,350
So.

101
00:06:35,120 --> 00:06:38,540
I'll give you this as a second Wireshark capture.

102
00:06:39,050 --> 00:06:50,480
So, OSPF, what we should see now is from router two in the header that the interface is an area zero

103
00:06:50,480 --> 00:06:52,070
which we can see there.

104
00:06:52,250 --> 00:06:55,540
And for the other router it's also in area zero.

105
00:06:55,550 --> 00:07:01,580
So that's good, but it's not going to work because the passwords are wrong.

106
00:07:01,940 --> 00:07:04,520
So we still need to fix the passwords once again.

107
00:07:04,520 --> 00:07:07,190
Show IP OSPF neighbor.

108
00:07:07,220 --> 00:07:14,630
Notice there's no neighbor relationship on router two and there's no OSPF neighbor relationship and

109
00:07:14,630 --> 00:07:15,320
router one.

110
00:07:15,530 --> 00:07:20,360
They don't form neighbor relationships because there's a problem with a password.

111
00:07:20,870 --> 00:07:25,880
We could also do something like debug ip ospf adjacency to see the issue.

112
00:07:26,420 --> 00:07:27,620
What's going on?

113
00:07:27,620 --> 00:07:35,880
Notice right away we see the clear text mismatched authentication key debug IP OSPF age.

114
00:07:37,520 --> 00:07:42,830
What we'll see here, hopefully something similar saying that there's a problem with the password.

115
00:07:42,830 --> 00:07:47,330
There you go notice mismatched authentication key clear text.

116
00:07:47,450 --> 00:07:52,850
So we know that we're using clear text authentication and we know that there's a password issue.

117
00:07:53,180 --> 00:08:01,100
So show run on both sides will allow us to view what the password is set as can see it over there.

118
00:08:01,460 --> 00:08:02,900
So gigabit to zero one.

119
00:08:03,800 --> 00:08:08,330
And what I'll do at this point actually is just turn off debugging so we don't get those messages on

120
00:08:08,330 --> 00:08:09,200
both sides.

121
00:08:09,680 --> 00:08:15,890
So show run interface gigabit zero zero on the side, that interface notice the password is set to that.

122
00:08:16,400 --> 00:08:19,520
And on this side, show run interface gigabit zero one.

123
00:08:19,550 --> 00:08:24,470
This interface password is set to that, so let's make them the same.

124
00:08:24,590 --> 00:08:26,720
So interface gigabit is zero zero.

125
00:08:26,840 --> 00:08:30,800
I'll set the password to that just by copying it from router one.

126
00:08:30,800 --> 00:08:33,470
So show run interface gigabit is zero zero.

127
00:08:33,500 --> 00:08:39,110
Notice the password is the same and in my Wireshark capture notice we seeing.

128
00:08:40,190 --> 00:08:43,130
Negotiations with database updates.

129
00:08:43,370 --> 00:08:49,640
The routers are exchanging database information with each other because they formed a relationship that

130
00:08:49,640 --> 00:08:53,480
wouldn't happen if there was a password mismatch.

131
00:08:53,510 --> 00:09:00,200
Routers will only synchronize their databases or update one another if authentication passes and a bunch

132
00:09:00,200 --> 00:09:03,290
of other things are right, including the area number.

133
00:09:03,590 --> 00:09:04,670
So we fix two things.

134
00:09:04,670 --> 00:09:05,660
We fix the area.

135
00:09:05,660 --> 00:09:07,940
We fixed the password.

136
00:09:08,210 --> 00:09:12,530
So at this point, I'll stop that Wireshark capture so it doesn't get too big.

137
00:09:14,010 --> 00:09:14,970
And.

138
00:09:16,220 --> 00:09:17,510
I'll save that.

139
00:09:19,420 --> 00:09:23,440
As OSPF rts one fixed.

140
00:09:25,350 --> 00:09:25,590
Okay.

141
00:09:25,590 --> 00:09:26,620
But to prove it.

142
00:09:26,640 --> 00:09:29,370
Notice on the rotors, a loading is full.

143
00:09:29,400 --> 00:09:32,610
The side loading is full show IP route.

144
00:09:32,640 --> 00:09:37,020
We see an OSPF network on this side.

145
00:09:37,020 --> 00:09:38,100
Show IP route.

146
00:09:38,100 --> 00:09:44,010
We see an OSPF network on the PCs.

147
00:09:44,010 --> 00:09:45,960
Can they ping each other notice?

148
00:09:46,910 --> 00:09:50,600
VM two can ping PC one.

149
00:09:51,200 --> 00:09:53,350
So just to make the point, I have config.

150
00:09:53,360 --> 00:09:55,940
This is the IP address of Windows two.

151
00:09:56,240 --> 00:10:00,440
That's the PC over here and I'm pinging PC one.

152
00:10:01,510 --> 00:10:09,370
So paying PC one PC one IP config IP address is this.

153
00:10:09,730 --> 00:10:12,070
Can it ping PC two?

154
00:10:12,190 --> 00:10:13,210
Yes, it can.

155
00:10:14,290 --> 00:10:16,330
We fixed the issue in this network.

156
00:10:16,340 --> 00:10:19,370
Two problems area number was wrong.

157
00:10:19,390 --> 00:10:20,560
They need to be the same.

158
00:10:20,650 --> 00:10:24,460
OSPF routers will not form neighbor relationships if the area numbers are different.

159
00:10:24,730 --> 00:10:26,350
The password had to be the same.

160
00:10:26,380 --> 00:10:29,770
Now it's really bad practice to use clear text authentication.

161
00:10:30,190 --> 00:10:35,020
So once again, we can see the passwords in clear texture there.

162
00:10:35,020 --> 00:10:35,780
It was still an issue.

163
00:10:35,800 --> 00:10:38,440
Notice the password was wrong over here.

164
00:10:38,890 --> 00:10:40,810
And then when I fixed it.

165
00:10:43,010 --> 00:10:44,710
I might have to go a bit further.

166
00:10:45,070 --> 00:10:51,010
So just before they started exchanging databases, the password should have been fixed.

167
00:10:51,520 --> 00:10:53,300
So notice there is router two.

168
00:10:53,320 --> 00:10:55,900
Password is the same as right of one.

169
00:10:55,900 --> 00:10:58,750
Right to write a one password is the same.

170
00:10:58,750 --> 00:11:01,990
And then they were able to exchange databases with one another.

171
00:11:02,020 --> 00:11:05,410
In other words, form an OSPF relationship and exchange data.

172
00:11:06,100 --> 00:11:08,080
Be careful with passwords again.

173
00:11:08,080 --> 00:11:09,790
You don't want to use simple passwords like this.

174
00:11:09,790 --> 00:11:11,800
You want to use MD5 passwords.

175
00:11:12,460 --> 00:11:13,430
At least it's hashed.

176
00:11:13,450 --> 00:11:15,750
It's not perfect, but it's better than this.

177
00:11:15,760 --> 00:11:21,940
Anyone can capture these passwords and see what your device's passwords are and then inject routes into

178
00:11:21,940 --> 00:11:22,660
the network.

179
00:11:22,930 --> 00:11:23,890
Not a good idea.

180
00:11:24,550 --> 00:11:27,130
Okay, so I'm hoping you enjoying these troubleshooting videos.

181
00:11:27,130 --> 00:11:27,760
Let me know.