Connection : NE40E --- Eudemon200 -- s6502 -- Customer network
To enhance the security of the customer network, an Eudemon 200 is installed between NE40E and s6502. This Eudemon is running as transparent mode. After that, the NE40E is unable to establish OSPF neighbor with the s6502.
1.Verify the OSPF configuration of NE40E and s6502. The configurations are ok.
2.Verify the interfaces, security zones and rules of Eudemon. The configuration is ok. All allowed packets are able to pass through.
3.Connect the NE40E and s6502 directly without Eudemon in between. OSPF neighbor able to establish.
The above troubleshooting procedure confirms, the issue is caused Eudemon.
After going through the Eudemon operation menu, it is found that by default the Eudemon (transparent mode) will drop all multicast packet. To form OSPF neighbor both NE40E and s6502 need to exchange hello packet which is multicast packet destination to 22.214.171.124.
To disable the firewall dropping the multicast packet, you can configure command, firewall unknown-mac multicast flood. After this command, NE40E and s6502 are able to establish OSPF.
There are various reasons of OSPF neighbor unable to be established. The reasons are both devices having same router id, different interface type, different OSPF area ID and etc.
With the above connections, another reason could be the hello packet (multicast packet) used to form neighbor is blocked by the Eudemon.