No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.

Knowledge Base

The case that Eudemon300&500&1000 don’t open packet filtering lead to OSPF neighbor relationship can’t be established

Publication Date:  2012-11-01  |   Views:  135  |   Downloads:  0  |   Author:  SU1001429751  |   Document ID:  EKB1000018828


Issue Description

Networking: E300 (untrust domain) - - - - - - - - - C company SW
Phenomenon: the OSPF neighbor relationship between E300 and C company SW device can not be established.

Alarm Information


Handling Process

Check the firewall configuration, find that firewall only open the inter-domain default packet filtering from the local to untrust domain, and do not open the inter-domain packet filtering from untrust to local domain. Finally through open the firewall packet filtering from untrust domain to local domain, OSPF neighbor relationship returned to be normal.
From log can view that:
2010-04-19 09:29:57 aaa-Eudemon300-1-HT %%01SHELL/5/CMD(l): task:vt0 ip:X.X.X.X user:YYY vrf:public command:firewall packet-filter default permit interzone local untrust direction inbound
2010-04-19 09:30:36 aaa-Eudemon300-1-HT %%01RM/5/RTLOG(l): OSPF TRANSITION Broadcast Interface X.X.X.162(Ethernet2/0/7)'s Neighbor X.X.X.161 Loading -> Full 

Root Cause

1, configuration problem.
2, device mechanism is not compatible.
This problem is caused by the first one.


The firewall need make packet filtering for unicast message, there is unicast message in the OSPF negotiation, such as: DB message, LSR message, etc., if the packet filtering is not open, this part of the message will be discarded when inquires the packet filtering, because do not open the inter-domain packet filtering, OSPF is unable to make negotiation.
In the OSPF networking, need to open the packet filtering for OSPF.