cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
752
Views
0
Helpful
6
Replies

ospf packet length mismatch ?

manik.palekar
Level 1
Level 1

m getting thousands of hits on IDS with ospf packey length mismatch between two cisco routers..please let me know how to stop this...

thanks in advance

regards..

manik...

6 Replies 6

marikakis
Level 7
Level 7

Hello,

Two cisco routers will not become OSPF neighbors if the MTU's on the neighboring interfaces are not the same. Please make sure the MTU's on those interfaces are the same.

Kind Regards,

M.

hello...both the routers are connected through L3 switch.they are neighbours with each other..

Thanks..

Manik

Hi,

I do not think its a MTU issue.Because packet length says about the length of the ospf packet including header.

Check whether the configuration is same for both outers.Also see whetehr they are adjacent with each other.

HTH,

regards,

shri :)

yes i support that the above post..

If ur ospf is working fine,i think it can happen any signature of low severity might be triggred in ids.can u check for the signature details of that event..

Can you please post errors your getting on IDS?

Cheers,

Nikhil E.

mounir.mohamed
Level 7
Level 7

Are your devices forming adjacency or not?

-If the MTU mismatched the adjacency will never come up, unless manually configured to be matched on both ends on the link (neighbors) or ignore the MTU check during adjacency negotiations

Example:

Router(config-if)#int g0/0

Router(config-if)#ip ospf mtu-ignore

If your devices already forming adjacency and u only observe packet length mismatch, If you read section 8.2 of RFC 2328, there is no place that says

That an OSPF router should make this check, and the OSPF header

Length will always be different than IP length

http://www.faqs.org/rfcs/rfc2328.html

Best Regards,

Mounir Mohamed

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: