Re: OSPF authentication

From: Bob Dixon (bobdixon@xxxxxxxxxxxx)
Date: Sun Jun 17 2001 - 15:46:07 GMT-3

• Next message: Chuck Church: "RE: eigrp with secondary ip"
• Previous message: Cal Michael: "Problem with VoIP Dial Peers / Destination Patterns"
• Maybe in reply to: Theodore TZEVELEKIS: "OSPF authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
I have seen this as well. In fact, when I was doing fatkid 401, I tried
baselining the config with no authentication. Everything worked great. As I
started adding authentication, everything broke. No OSPF routes. I thought
it might take a minute or so to start working, so I waited. No dice. I
thought maybe I should clear ip ro *, but to no avail. I did a clear ip
ospf, didn't fix it. I thought, hey, maybe this is one of those instances
that requires a reload. No luck. Finally I removed and added the
authentication and everything worked. I'd like to believe that it was a
trailing space on the key (that would make sense), but I was very careful
and deliberate when typing in the authentication command. I am still
confused on this one, but I will try removing and adding first next time.

Bob

----- Original Message -----
From: Brian <signal@shreve.net>
To: John Barnes <jbarrnes@yahoo.com>
Cc: <ccielab@groupstudy.com>
Sent: Sunday, June 17, 2001 1:45 PM
Subject: Re: OSPF authentication

> John,
>
> I have seen this exact same thing, and that must have
> been what I was doing. Where I take out the key
> and add it back and then it begins working. You
> will go insane looking at a config that looks 100%
> correct but is not working
>
> On Sun, 17 Jun 2001, John Barnes wrote:
>
> > Try taking out the line
> >
> > ip ospf message-digest-key 1 md5 cisco
> >
> > on r1 and then adding it back. I have found that on
> > more than one occasion I have accidently added a space
> > to the end of the password, and there is no way (that
> > I've found) to see it.
> >
> >
> > -j
> >
> >
> > --- Theodore TZEVELEKIS
> > <theodore_tzevelekis@yahoo.com> wrote:
> > > Hi all,
> > >
> > > I have the following setup:
> > >
> > > R1,R2,R4 in area 0 (frame - R4 is hub)
> > > R1 - V-L - R6
> > >
> > > authentication on V-L and area 0
> > > R4 and R2 authenticate.
> > > V-L authenticates
> > > R4 and R1 REFUSE to authenticate.
> > > I get on R1:
> > >
> > > *Mar 1 00:39:03.092: OSPF: Rcv pkt from
> > > 137.3.124.4, Serial0/0 : Mismatch
> > > Authe
> > > ntication Key - Message Digest Key 1
> > >
> > > Am I missing something here?
> > >
> > > Thanks.
> > >
> > > Theo
> > >
> > >
> > > **************related configs****************
> > >
> > > R2
> > > interface Serial0/0
> > > ip address 137.3.124.2 255.255.255.224
> > > no ip directed-broadcast
> > > encapsulation frame-relay
> > > ip ospf message-digest-key 1 md5 cisco
> > > ip ospf interface-retry 0
> > > ip ospf priority 0
> > > no ip mroute-cache
> > > no fair-queue
> > > frame-relay map ip 137.3.124.1 204
> > > frame-relay map ip 137.3.124.4 204
> > > no frame-relay inverse-arp
> > > !
> > > router ospf 100
> > > area 0 authentication message-digest
> > > redistribute connected metric-type 1 subnets
> > > redistribute rip metric-type 1 subnets
> > > network 137.3.2.0 0.0.0.255 area 0
> > > network 137.3.124.0 0.0.0.31 area 0
> > >
> > > R4
> > > interface Serial0/0
> > > ip address 137.3.124.4 255.255.255.224
> > > no ip directed-broadcast
> > > encapsulation frame-relay
> > > ip ospf message-digest-key 1 md5 cisco
> > > ip ospf interface-retry 0
> > > ip ospf priority 255
> > > no ip mroute-cache
> > > no fair-queue
> > > frame-relay map ip 137.3.124.1 401
> > > frame-relay map ip 137.3.124.2 402
> > > no frame-relay inverse-arp
> > > !
> > > router ospf 100
> > > area 0 authentication message-digest
> > > redistribute connected metric-type 1 subnets
> > > network 137.3.4.0 0.0.0.255 area 0
> > > network 137.3.40.0 0.0.0.255 area 3
> > > network 137.3.124.0 0.0.0.31 area 0
> > > neighbor 137.3.124.2
> > > neighbor 137.3.124.1
> > >
> > > R1
> > > !
> > > interface Serial0/0
> > > ip address 137.3.124.1 255.255.255.224
> > > no ip directed-broadcast
> > > encapsulation frame-relay
> > > ip ospf message-digest-key 1 md5 cisco
> > > ip ospf priority 0
> > > no ip mroute-cache
> > > no fair-queue
> > > frame-relay map ip 137.3.124.2 104
> > > frame-relay map ip 137.3.124.4 104
> > > no frame-relay inverse-arp
> > > !
> > > router ospf 100
> > > area 0 authentication message-digest
> > > area 4 virtual-link 137.3.6.6 message-digest-key 1
> > > md5 cisco
> > > timers spf 10 15
> > > redistribute connected metric-type 1 subnets
> > > redistribute static metric 1000 metric-type 1
> > > subnets
> > > network 137.3.1.0 0.0.0.255 area 0
> > > network 137.3.16.0 0.0.0.255 area 4
> > > network 137.3.124.0 0.0.0.31 area 0
> > > !
> > >
> > > R6
> > > router ospf 100
> > > area 0 authentication message-digest
> > > area 4 virtual-link 137.3.1.1 message-digest-key 1
> > > md5 cisco
> > > area 5 nssa no-summary
> > > network 137.3.6.0 0.0.0.255 area 4
> > > network 137.3.16.0 0.0.0.255 area 4
> > > network 137.3.36.0 0.0.0.255 area 5
> > > network 137.3.60.0 0.0.0.255 area 4
> > >
> > >
> > >

• Next message: Chuck Church: "RE: eigrp with secondary ip"
• Previous message: Cal Michael: "Problem with VoIP Dial Peers / Destination Patterns"
• Maybe in reply to: Theodore TZEVELEKIS: "OSPF authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:25 GMT-3