OSPF md5 Authentication problem

From: BUI, TIN T (SBCSI) (tb4565@xxxxxxx)
Date: Mon Feb 26 2001 - 19:22:56 GMT-3

• Next message: Johnny Dedon: "DDR config with watchdog and spx spoofing"
• Previous message: Steven Weber: "update-source lo0..."
• Next in thread: Johnny Dedon: "Re: OSPF md5 Authentication problem"
• Maybe reply: Johnny Dedon: "Re: OSPF md5 Authentication problem"
• Maybe reply: Todd White: "RE: OSPF md5 Authentication problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Hi, can anyone see what the problem is? My md5 authentication is not
working correctly. I did debug ip ospf adjanceny on R5 and I keep on seeing
OSPF: Rcv pkt from 133.2.100.242, Serial0.23 : Mismatch Authentication Key -
Message Digest Key 2. R5 is a hub and R2 & R3 are spokes for Frame-relay
(All three are in area 0). R5 is also connected to R6 (area 5) and R6
connected to Area 6 via virtual link using area 5 as transit. R2 & R3 area
also connected via ethernet connection. R5 has one subinterface that points
to both R2 and R3. R2 & R3 are physical interfaces. R2 is not showing ospf
neighbors correctly after I activated md5. Before I turned message digest
on, all routers can see their neighbors correctly so the problem is not my
network type of non-broadcast or adjacencies. I have already rebooted all
routers involved twice and reentered my message-digest commands on R2 3+
times without luck. Somehow, R5 is not recognizing R2 password that is
sent. R3 does not have this problem and R2 is configured exactly as R3.
I'm wondering if my ios on R2 is buggy or some type of encryption feature is
turned on R2 that causes the password to not match up. Here is my config and
debug:
R5:
interface Serial0.23 multipoint
 ip address 133.2.100.245 255.255.255.240
 ip ospf message-digest-key 2 md5 7 cisco
 ip ospf priority 10
 frame-relay map ip 133.2.100.242 520 broadcast
 frame-relay map ip 133.2.100.243 530 broadcast
router ospf 1
 redistribute igrp 15 subnets
 network 133.2.5.5 0.0.0.0 area 0
 network 133.2.56.0 0.0.0.255 area 5
 network 133.2.100.0 0.0.0.255 area 0
 default-metric 10
 area 0 authentication message-digest
 area 5 virtual-link 133.2.6.6 message-digest-key 2 md5 7 cisco
R2:
interface Serial0/0
 ip address 133.2.100.242 255.255.255.240
 encapsulation frame-relay
 ip ospf message-digest-key 2 md5 7 cisco
 no ip mroute-cache
 frame-relay map ip 133.2.100.243 250 broadcast
 frame-relay map ip 133.2.100.245 250 broadcast
router ospf 1
 redistribute eigrp 24 subnets
 network 133.2.2.2 0.0.0.0 area 0
 network 133.2.22.0 0.0.0.255 area 2
 network 133.2.23.0 0.0.0.255 area 23
 network 133.2.100.0 0.0.0.255 area 0
 neighbor 133.2.100.245 priority 10
 default-metric 10
 area 0 authentication message-digest
R3:
interface Serial0
 ip address 133.2.100.243 255.255.255.240
 ip ospf message-digest-key 2 md5 7 cisco
 frame-relay map ip 133.2.100.242 350 broadcast
 frame-relay map ip 133.2.100.245 350 broadcast
router ospf 1
 network 133.2.3.3 0.0.0.0 area 0
 network 133.2.23.0 0.0.0.255 area 23
 network 133.2.100.0 0.0.0.255 area 0
 neighbor 133.2.100.245 priority 10
 area 0 authentication message-digest

R6:
router ospf 1
 network 133.2.6.6 0.0.0.0 area 5
 network 133.2.56.0 0.0.0.255 area 5
 network 133.2.66.0 0.0.0.255 area 6
 area 5 virtual-link 133.2.5.5 message-digest-key 2 md5 7 cisco

debug->>> Note the problem is with R2 not sending correct key!!!

6d22h: OSPF: rcv. v:2 t:1 l:48 rid:133.2.6.6
      aid:0.0.0.5 chk:E785 aut:0 auk: from Serial1
6d22h: OSPF: Rcv hello from 133.2.6.6 area 5 from Serial1 133.2.56.6
6d22h: OSPF: End of hello processing
6d22h: OSPF: Send with youngest Key 2
6d22h: OSPF: rcv. v:2 t:1 l:48 rid:133.2.6.6
      aid:0.0.0.5 chk:E785 aut:0 auk: from Serial1
6d22h: OSPF: Rcv hello from 133.2.6.6 area 5 from Serial1 133.2.56.6
6d22h: OSPF: End of hello processing
6d22h: OSPF: rcv. v:2 t:1 l:48 rid:133.2.3.3
      aid:0.0.0.0 chk:0 aut:2 keyid:2 seq:0x5341 from Serial0.23
6d22h: OSPF: Rcv hello from 133.2.3.3 area 0 from Serial0.23 133.2.100.243
6d22h: OSPF: End of hello processing
6d22h: OSPF: Rcv pkt from 133.2.100.242, Serial0.23 : Mismatch
Authentication Ke
y - Message Digest Key 2
6d22h: OSPF: rcv. v:2 t:1 l:48 rid:133.2.6.6
      aid:0.0.0.5 chk:E785 aut:0 auk: from Serial1
6d22h: OSPF: Rcv hello from 133.2.6.6 area 5 from Serial1 133.2.56.6
6d22h: OSPF: End of hello processing
6d22h: OSPF: Rcv pkt from 133.2.100.242, Serial0.23 : Mismatch
Authentication Key - Message Digest Key 2
6d22h: OSPF: rcv. v:2 t:1 l:48 rid:133.2.6.6
      aid:0.0.0.5 chk:E785 aut:0 auk: from Serial1
6d22h: OSPF: Rcv hello from 133.2.6.6 area 5 from Serial1 133.2.56.6

> Tin T. Bui
> Senior Network Manager
> CCNP, CNE, MCP
> Network Management Center
> SBC Services Inc.
> 7337 Trade Street, Rm 1110
> San Diego, Ca 92121
> Office #: 858-886-4644/858-886-4589
> Pager #: 858-494-0482
> Fax #: 858-549-4103
> Email: tb4565@sbc.com
>

• Next message: Johnny Dedon: "DDR config with watchdog and spx spoofing"
• Previous message: Steven Weber: "update-source lo0..."
• Next in thread: Johnny Dedon: "Re: OSPF md5 Authentication problem"
• Maybe reply: Johnny Dedon: "Re: OSPF md5 Authentication problem"
• Maybe reply: Todd White: "RE: OSPF md5 Authentication problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:04 GMT-3