OSPF is run between two core switches. The OSPF cost values of the two links between aggregation switch A and core switch A are changed, so that the link on the left carries services and the link on the right acts as the backup.
2. Problem: The IP address of G1/0/1 (default VLANIF 134) on the aggregation switch cannot be pinged on PCA.
Step 1. On the core switch, ping the IP address of G1/0/1 on the aggregation switch. The ping succeeds, indicating that the interfaces on the core and aggregation switches and the intermediate links are normal.
Step 2. Check routes on the aggregation switch. It has a route to the network segment 220.127.116.11, with the next hop being 192.168.248.113.
Step 3. Check the configuration on the aggregation switch. No forwarding restriction or filtering policy is found.
Step 4. Check the configuration on the core switch. It is found that the URPF strict mode is configured on G1/1/0/1 and XG1/6/0/3.
When PCA pings the IP address (192.168.246.2) of G1/0/1 on the aggregation switch, XG1/6/0/3 (with IP address 192.168.246.1) on the core switch directly forwards the ICMP Request packet to G1/0/1 because the two interfaces are directly connected (this route has a higher priority). The ICMP Response packet is sent from G1/0/0 on the aggregation switch to PCA through G1/1/0/1 on the core switch. This is because the link between G1/0/0 and G1/1/0/1 has a lower OSPF cost value than the link between G1/0/1 and XG1/6/0/3. In normal cases, the ping can succeed. However, the URPF strict mode is configured on G1/1/0/1 and XG1/6/0/3 of the core switch. In URPF strict mode, a packet passes the check only when the device has a route to the source IP address of the packet in the routing table, and the inbound interface of the packet should be the same as the outbound interface of the route. Otherwise, the packet is discarded.Since the ICMP packets exchanged between PCA and G1/0/1 (with IP address 192.168.246.2) are transmitted along different paths, the ping fails.
Disable URPF check for the flows transmitted between PCA and G1/0/0 of the aggregation switch.
acl number 3000
rule 5 permit ip source 192.168.246.2 0 destination 18.104.22.168 0 0
traffic classifier a
if-match acl 3000
traffic behavior a
ip urpf disable
traffic policy a
classifier a behavior a
traffic-policy a inbound