From: Johnny Dedon (johnny.dedon@xxxxxxxxxx)
Date: Mon Feb 26 2001 - 19:48:58 GMT-3
I don't see anything on R2 that is wrong, maybe a space or something. Try
reconfig the auth on R2 .The virtual link routers must have the statement
area 0 auth mess digest. for them to authenticate to area 0 however.
Johnny Dedon
Senior Staff Consultant
Exodus Professional Services
johnny.dedon@exodus.net
www.exodus.net
----- Original Message -----
From: "BUI, TIN T (SBCSI)" <tb4565@sbc.com>
To: <ccielab@groupstudy.com>; "'Diep, Matt'" <matt.diep@wilcom.com>
Sent: Monday, February 26, 2001 4:22 PM
Subject: OSPF md5 Authentication problem
> Hi, can anyone see what the problem is? My md5 authentication is not
> working correctly. I did debug ip ospf adjanceny on R5 and I keep on
seeing
> OSPF: Rcv pkt from 133.2.100.242, Serial0.23 : Mismatch Authentication
Key -
> Message Digest Key 2. R5 is a hub and R2 & R3 are spokes for Frame-relay
> (All three are in area 0). R5 is also connected to R6 (area 5) and R6
> connected to Area 6 via virtual link using area 5 as transit. R2 & R3
area
> also connected via ethernet connection. R5 has one subinterface that
points
> to both R2 and R3. R2 & R3 are physical interfaces. R2 is not showing
ospf
> neighbors correctly after I activated md5. Before I turned message
digest
> on, all routers can see their neighbors correctly so the problem is not my
> network type of non-broadcast or adjacencies. I have already rebooted all
> routers involved twice and reentered my message-digest commands on R2 3+
> times without luck. Somehow, R5 is not recognizing R2 password that is
> sent. R3 does not have this problem and R2 is configured exactly as R3.
> I'm wondering if my ios on R2 is buggy or some type of encryption feature
is
> turned on R2 that causes the password to not match up. Here is my config
and
> debug:
> R5:
> interface Serial0.23 multipoint
> ip address 133.2.100.245 255.255.255.240
> ip ospf message-digest-key 2 md5 7 cisco
> ip ospf priority 10
> frame-relay map ip 133.2.100.242 520 broadcast
> frame-relay map ip 133.2.100.243 530 broadcast
> router ospf 1
> redistribute igrp 15 subnets
> network 133.2.5.5 0.0.0.0 area 0
> network 133.2.56.0 0.0.0.255 area 5
> network 133.2.100.0 0.0.0.255 area 0
> default-metric 10
> area 0 authentication message-digest
> area 5 virtual-link 133.2.6.6 message-digest-key 2 md5 7 cisco
> R2:
> interface Serial0/0
> ip address 133.2.100.242 255.255.255.240
> encapsulation frame-relay
> ip ospf message-digest-key 2 md5 7 cisco
> no ip mroute-cache
> frame-relay map ip 133.2.100.243 250 broadcast
> frame-relay map ip 133.2.100.245 250 broadcast
> router ospf 1
> redistribute eigrp 24 subnets
> network 133.2.2.2 0.0.0.0 area 0
> network 133.2.22.0 0.0.0.255 area 2
> network 133.2.23.0 0.0.0.255 area 23
> network 133.2.100.0 0.0.0.255 area 0
> neighbor 133.2.100.245 priority 10
> default-metric 10
> area 0 authentication message-digest
> R3:
> interface Serial0
> ip address 133.2.100.243 255.255.255.240
> ip ospf message-digest-key 2 md5 7 cisco
> frame-relay map ip 133.2.100.242 350 broadcast
> frame-relay map ip 133.2.100.245 350 broadcast
> router ospf 1
> network 133.2.3.3 0.0.0.0 area 0
> network 133.2.23.0 0.0.0.255 area 23
> network 133.2.100.0 0.0.0.255 area 0
> neighbor 133.2.100.245 priority 10
> area 0 authentication message-digest
>
> R6:
> router ospf 1
> network 133.2.6.6 0.0.0.0 area 5
> network 133.2.56.0 0.0.0.255 area 5
> network 133.2.66.0 0.0.0.255 area 6
> area 5 virtual-link 133.2.5.5 message-digest-key 2 md5 7 cisco
>
> debug->>> Note the problem is with R2 not sending correct key!!!
>
> 6d22h: OSPF: rcv. v:2 t:1 l:48 rid:133.2.6.6
> aid:0.0.0.5 chk:E785 aut:0 auk: from Serial1
> 6d22h: OSPF: Rcv hello from 133.2.6.6 area 5 from Serial1 133.2.56.6
> 6d22h: OSPF: End of hello processing
> 6d22h: OSPF: Send with youngest Key 2
> 6d22h: OSPF: rcv. v:2 t:1 l:48 rid:133.2.6.6
> aid:0.0.0.5 chk:E785 aut:0 auk: from Serial1
> 6d22h: OSPF: Rcv hello from 133.2.6.6 area 5 from Serial1 133.2.56.6
> 6d22h: OSPF: End of hello processing
> 6d22h: OSPF: rcv. v:2 t:1 l:48 rid:133.2.3.3
> aid:0.0.0.0 chk:0 aut:2 keyid:2 seq:0x5341 from Serial0.23
> 6d22h: OSPF: Rcv hello from 133.2.3.3 area 0 from Serial0.23 133.2.100.243
> 6d22h: OSPF: End of hello processing
> 6d22h: OSPF: Rcv pkt from 133.2.100.242, Serial0.23 : Mismatch
> Authentication Ke
> y - Message Digest Key 2
> 6d22h: OSPF: rcv. v:2 t:1 l:48 rid:133.2.6.6
> aid:0.0.0.5 chk:E785 aut:0 auk: from Serial1
> 6d22h: OSPF: Rcv hello from 133.2.6.6 area 5 from Serial1 133.2.56.6
> 6d22h: OSPF: End of hello processing
> 6d22h: OSPF: Rcv pkt from 133.2.100.242, Serial0.23 : Mismatch
> Authentication Key - Message Digest Key 2
> 6d22h: OSPF: rcv. v:2 t:1 l:48 rid:133.2.6.6
> aid:0.0.0.5 chk:E785 aut:0 auk: from Serial1
> 6d22h: OSPF: Rcv hello from 133.2.6.6 area 5 from Serial1 133.2.56.6
>
>
> > Tin T. Bui
> > Senior Network Manager
> > CCNP, CNE, MCP
> > Network Management Center
> > SBC Services Inc.
> > 7337 Trade Street, Rm 1110
> > San Diego, Ca 92121
> > Office #: 858-886-4644/858-886-4589
> > Pager #: 858-494-0482
> > Fax #: 858-549-4103
> > Email: tb4565@sbc.com
> >
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:04 GMT-3