MikroTik

I am trying to get the Mikrotik to establish a neighbor relationship with the cisco router. An ethernet interface on the Mikrotik is connected with the Cisco's gigabit ethernet interface.

If you have input rules in the firewall will this block the multicast traffic and Hello packets coming to the Mikrotik. I can not get them to peer.

I should have clarified the connection. The cisco and Mikrotik connect to a Cisco 3650 switch. Both ports are in the same VLAN.

Can you post the OSPF configuration of Cisco and Mikrotik ?

Regards.

Faton

Is this enough information?

MIKROTIK

Interfaces
0 interface=ether2 cost=10 priority=1 authentication-key=""
network-type=broadcast retransmit-interval=5s transmit-delay=1s
hello-interval=10s dead-interval=40s


Networks
0 68.153.44.232/30 backbone
1 68.153.44.240/28 backbone
2 68.153.44.227/32 backbone


Areas
Flags: X - disabled
# NAME AREA-ID TYPE DEFAULT-COST AUTHENTICATION
0 backbone 0.0.0.0 default none




CISCO


show ip ospf
Routing Process "ospf 1" with ID 68.153.44.224
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
Area BACKBONE(0) (Inactive)
Number of interfaces in this area is 2 (1 loopback)
Area has no authentication
SPF algorithm last executed 3w1d ago
SPF algorithm executed 4 times
Area ranges are
Number of LSA 1. Checksum Sum 0x002DA5
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0


show ip ospf interfaces
GigabitEthernet0/0 is up, line protocol is up
Internet Address 68.153.44.234/29, Area 0
Process ID 1, Router ID 68.153.44.224, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 68.153.44.224, Interface address 68.153.44.234
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:04
Supports Link-local Signaling (LLS)
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Loopback0 is up, line protocol is up
Internet Address 68.153.44.224/32, Area 0
Process ID 1, Router ID 68.153.44.224, Network Type LOOPBACK, Cost: 1
Loopback interface is treated as a stub Host




Show Run
router ospf 1
log-adjacency-changes
passive-interface Serial0/0/0
network 68.153.44.224 0.0.0.0 area 0
network 68.153.44.232 0.0.0.3 area 0

Since the link is a 100Mb/s ethernet connection I have change the cost on the Mikrotik from 10 to 1. This is what the 2800 has the cost of the link to be. Still no luck. I am going to try running some debugs on the cisco to see what is happening.

From the Mikrotik I can ping 224.0.0.5 and get a reply from the Cisco Router from the Cisco's interface IP. The Mikrotik does not reply.

From the Cisco I can ping 224.0.0.5 and get a reply from the loopback IP of the Cisco Router. The Mikrotik does not reply.

I must have something configured incorrectly on the Mikrotik. I read the documentation 3 time and can not figure it out. All the timers seem to be matching up and the interface type on both devices it Broadcast.

BTW: The Cisco shows itself as a neighbor to itself. The Mikrotik shows the same thing, it is paired with itself. They just won't establish a relationship. During the debugs on the Cisco I could see the Hello packet leaving the Cisco but never seen a reply from the Mikrotik. When I run a packet sniff on the Mikrotik I can see the Hello packets from the Cisco to 224.0.0.5 every 10 seconds but never see an OSPF reply from the Mikrotik.

IIf you have input rules in the firewall will this block the multicast traffic and Hello packets coming to the Mikrotik

Yes, if the filter rules are not configured to allow for OSPF then it will be dropped. Routing protocol traffic does not automatically bypass firewall filters.

Are you running routing-test or the legacy routing package on the MikroTik router?

--Tom

From the Mikrotik I can ping 224.0.0.5 and get a reply from the Cisco Router from the Cisco's interface IP. The Mikrotik does not reply.

Pinging the multicast address is meaningless.

Please post the output of /routing ospf export from the MikroTik router here, and -if possible- the complete running-config of the Cisco router (remember to remove passwords from the Cisco output that are type-7 encrypted as they can be reversed).

What version of RouterOS are you running on your MikroTik device?

--Tom

Is this enough information?

Other forum members might have different likes/requirements, but I would like to see the output of

/ip address export

and

/routing ospf export

on the MikroTik

and

on the Cisco

show run | beg interface GigabitEthernet0/0

show run | beg router ospf

regards/ldv

I fell like an idiot. I overlooked the subnet mask on the network command on the mikrotik and Cisco. They were wrong. I have corrected this. I added a rule in the firewall to allow OSPF protocol traffic from the Cisco IP and Cisco Loopback. Everything is working now!!!

Tell me please, is mikrotik answer on 224.0.0.5 ping ?

I made simple ospf-scheme with 3 routers (mikrotik), all working, but mikrotik does not response on pinging 224.0.0.5