RE: Virtual Link Authentication

From: Jason Sinclair (sinclairj@xxxxxxxxxxxxxxx)
Date: Mon Oct 29 2001 - 21:34:40 GMT-3


   
I believe that you need the following:

ip ospf authentication message-digest

Under the interface as well.

Regards,

Jason Sinclair
Network Support Manager
POWERTEL Limited
Level 11, 55 Clarence Street, SYDNEY
Phone: 61-2-8264-3820
Fax: 61-2-9279-2604
Mobile: 0416 105 858
jasons@powertel.net.au

                -----Original Message-----
                From: Eric Sarraf [mailto:esarraf@cisco.com]
                Sent: Tuesday, 30 October 2001 10:08
                To: Jon CCIE-study Account
                Cc: ccielab@groupstudy.com; anawaz@cisco.com
                Subject: Re: Virtual Link Authentication

                Here are the configs. Area 0 resides on R5's Serial0. Area 45 is on R4's
                Ethernet0 and R5's Ethernet 1.

                Thanks guys for the extra effort.

                R4500M-3A-R5#sh run
                Building configuration...

                Current configuration : 3653 bytes
                !
                version 12.1
                service timestamps debug datetime
                service timestamps log datetime
                no service password-encryption
                !
                hostname R4500M-3A-R5
                !
                enable password ww
                !
                ip subnet-zero
                no ip finger
                no ip domain-lookup
                !
                !
                source-bridge ring-group 2000
                source-bridge transparent 2000 100 1 10
                dlsw local-peer peer-id 5.5.5.5
                dlsw remote-peer 0 tcp 3.3.3.3 host-netbios-out test2
                dlsw icanreach mac-address 4000.2000.1000 mask ffff.ffff.ffff
                dlsw bridge-group 1
                !
                !
                interface Loopback0
                  ip address 5.5.5.5 255.255.255.255
                !
                interface Loopback1
                  ip address 160.5.65.1 255.255.255.0
                  ip ospf network point-to-point
                !
                interface Loopback2
                  ip address 160.5.66.1 255.255.255.0
                  ip ospf network point-to-point
                !
                interface Loopback3
                  ip address 160.5.67.1 255.255.255.0
                !
                interface Loopback4
                  ip address 160.5.68.1 255.255.255.0
                !
                interface Loopback5
                  no ip address
                !
                interface Loopback21
                  ip address 21.21.21.21 255.255.255.255
                !
                interface Ethernet0
                  ip address 160.5.53.5 255.255.255.0
                  media-type 10BaseT
                !
                interface Ethernet1
                  ip address 160.5.54.5 255.255.255.0
                  media-type 10BaseT
                  bridge-group 10
                !
                interface Serial0
                  ip address 160.5.1.5 255.255.255.248
                  ip access-group 5 in
                  encapsulation frame-relay
                  ip ospf message-digest-key 1 md5 cisco
                  ip ospf network non-broadcast
                  ip ospf priority 10
                  no fair-queue
                  clockrate 64000
                  frame-relay map ip 160.5.1.1 201 broadcast
                  frame-relay map ip 160.5.1.3 100 broadcast
                  no frame-relay inverse-arp
                !
                interface Serial1
                  no ip address
                  shutdown
                !
                interface TokenRing0
                  ip address 160.5.5.5 255.255.255.0
                  ring-speed 16
                  source-bridge 1 1 2000
                  source-bridge spanning
                  netbios output-access-filter host test
                !
                interface TokenRing1
                  ip address 160.1.45.1 255.255.255.0
                  shutdown
                  ring-speed 16
                !
                router ospf 1
                  log-adjacency-changes
                  area 0 authentication message-digest
                  area 45 virtual-link 4.4.4.4 authentication message-digest
                  area 45 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco
                  area 55 range 160.5.64.0 255.255.248.0
                  redistribute connected subnets
                  network 160.5.1.0 0.0.0.255 area 0
                  network 160.5.53.0 0.0.0.255 area 5
                  network 160.5.54.0 0.0.0.255 area 45
                  network 160.5.64.0 0.0.7.255 area 55
                  neighbor 160.5.1.1
                  neighbor 160.5.1.3
                !
                router bgp 65050
                  no synchronization
                  bgp log-neighbor-changes
                  bgp confederation identifier 5000
                  bgp confederation peers 65040
                  network 5.5.5.5 mask 255.255.255.255
                  neighbor 1.1.1.1 remote-as 65050
                  neighbor 1.1.1.1 update-source Loopback0
                  neighbor 1.1.1.1 route-reflector-client
                  neighbor 3.3.3.3 remote-as 65050
                  neighbor 3.3.3.3 update-source Loopback0
                  neighbor 3.3.3.3 route-reflector-client
                  neighbor 4.4.4.4 remote-as 65040
                  neighbor 4.4.4.4 ebgp-multihop 255
                  neighbor 4.4.4.4 update-source Loopback0
                !
                ip classless
                no ip http server
                !
                access-list 5 deny 160.5.68.0 0.0.0.255
                access-list 5 permit any
                access-list 10 permit 160.5.65.0 0.0.0.255
                access-list 11 deny 160.5.68.0 0.0.0.255
                access-list 11 permit any
                access-list 165 deny ip host 160.5.68.0 255.255.255.0 0.0.0.255
                access-list 165 permit ip any any
                access-list 200 permit 0x0000 0x0D0D
                access-list 200 deny 0x0000 0xFFFF
                route-map supp permit 10
                  match ip address 10
                !
                route-map suppress permit 10
                  match ip address 165
                !
                bridge 1 protocol ieee
                bridge 10 protocol ieee
                !
                line con 0
                  exec-timeout 0 0
                  transport input none
                line aux 0
                line vty 0 4
                  password ww
                  login
                !
                end

                R2514-4M-R4#sh run
                Building configuration...

                Current configuration:
                !
                version 12.0
                service timestamps debug uptime
                service timestamps log uptime
                no service password-encryption
                !
                hostname R2514-4M-R4
                !
                !
                username R2514-4K-R1 password 0 cisco
                username bangalore password 0 cisco
                ip subnet-zero
                no ip domain-lookup
                isdn switch-type basic-ni
                !
                !
                !
                interface Loopback0
                  ip address 4.4.4.4 255.255.255.255
                  no ip directed-broadcast
                !
                interface Ethernet0
                  ip address 160.5.54.4 255.255.255.0
                  no ip directed-broadcast
                !
                interface Serial0
                  ip address 150.100.1.5 255.255.255.0
                  no ip directed-broadcast
                  no ip mroute-cache
                  no fair-queue
                !
                interface Serial1
                  no ip address
                  no ip directed-broadcast
                  shutdown
                !
                interface BRI0
                  ip address 160.5.14.2 255.255.255.252
                  no ip directed-broadcast
                  encapsulation ppp
                  dialer idle-timeout 300
                  dialer map ip 160.5.14.1 name bangalore broadcast 4349062
                  dialer-group 1
                  isdn switch-type basic-ni
                  isdn spid1 40843490640101 4349064
                  isdn spid2 40843490650101 4349065
                  no peer neighbor-route
                  ppp authentication chap callin
                  ppp chap hostname mumbai
                  ppp chap password 7 060506324F41
                  ppp multilink
                !
                router ospf 1
                  area 45 virtual-link 160.5.68.1 authentication message-digest
                  area 45 virtual-link 160.5.68.1 message-digest-key 1 md5 cisco
                  redistribute connected subnets
                  redistribute rip subnets
                  network 150.100.1.5 0.0.0.0 area 4
                  network 160.5.14.2 0.0.0.0 area 14
                  network 160.5.54.0 0.0.0.255 area 45
                !
                router rip
                  network 150.100.0.0
                  distribute-list 3 out ospf 1
                  distribute-list 4 out Serial0
                !
                router bgp 65040
                  no synchronization
                  bgp confederation identifier 5000
                  bgp confederation peers 65050
                  network 4.4.4.4 mask 255.255.255.255
                  neighbor 5.5.5.5 remote-as 65050
                  neighbor 5.5.5.5 ebgp-multihop 3
                  neighbor 5.5.5.5 update-source Loopback0
                !
                ip classless
                !
                access-list 2 deny 160.5.0.0
                access-list 2 deny 150.100.0.0 0.0.255.255
                access-list 2 permit any
                access-list 3 permit 195.1.0.0 0.0.30.0
                access-list 4 permit 160.5.0.0 0.0.255.255
                access-list 105 permit ip any host 255.255.255.255
                dialer-list 1 protocol ip permit
                route-map RIP-OSPF permit 10
                  match ip address 3
                !
                line con 0
                  session-timeout 500
                  exec-timeout 0 0
                  transport input none
                line aux 0
                line vty 0 4
                  password cisco
                  login
                !
                end

                R4 debug message:
                03:26:42: OSPF: Rcv pkt from 160.5.54.5, Ethernet0 : Mismatch Authentication Key - Message Digest Key 1
                03:26:46: OSPF: Send with youngest Key 1

                R5 debug message:
                *Nov 22 17:56:56: OSPF: Rcv pkt from 160.5.54.4, Ethernet1 : Mismatch Authentication Key - Message Digest Key 1
                *Nov 22 17:56:56: OSPF: Send with youngest Key 1

                At 10:10 PM 10/29/2001 +0100, Jon CCIE-study Account wrote:
>Hi Eric
>
>If you have tried to enable MD authentication on BOTH routers could you
>provide us with the configurations and debugs from both routers from the
>non-working example?
>
>best regard,
>Jon
>----- Original Message -----
>From: "Eric Sarraf" <esarraf@cisco.com>
>To: <ccielab@groupstudy.com>
>Sent: Monday, October 29, 2001 6:50 PM
>Subject: Virtual Link Authentication
>
>
> > I have enabled message-digest authentication on area 0. There is also a
> > virtual link between my two routers R4 and R5 residing on area 45 (R5 also
> > resides on area 0). I have also enabled authentication on the virtual link.
> > Things work fine with the configurations below. However, if I replace "area
> > 45 virtual-link 4.4.4.4 authentication" with "area 45 virtual-link 4.4.4.4
> > authentication message digest" I get the following error on both routers:
> >
> > 1w1d: OSPF: Rcv pkt from 160.5.54.5, Ethernet0 : Mismatch Authentication
> > Key - Message Digest Key 1
> >
> > Why can't I have "message-digest" on my virtual link statement?
> >
> > Thanks, Eric
> >
> > R5 router:
> >
> > router ospf 1
> > log-adjacency-changes
> > area 0 authentication message-digest
> > area 45 virtual-link 4.4.4.4 authentication
> > area 45 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco
> > area 55 range 160.5.64.0 255.255.248.0
> > redistribute connected subnets
> > network 160.5.1.0 0.0.0.255 area 0
> > network 160.5.53.0 0.0.0.255 area 5
> > network 160.5.54.0 0.0.0.255 area 45
> > network 160.5.64.0 0.0.7.255 area 55
> > neighbor 160.5.1.1
> > neighbor 160.5.1.3
> >
> >
> > R4 router:
> >
> > router ospf 1
> > area 45 virtual-link 160.5.68.1 authentication
> > area 45 virtual-link 160.5.68.1 message-digest-key 1 md5 cisco
> > redistribute connected subnets
> > redistribute rip subnets
> > network 150.100.1.5 0.0.0.0 area 4
> > network 160.5.14.2 0.0.0.0 area 14
> > network 160.5.54.0 0.0.0.255 area 45
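The "Mismatch Authentication Key - Message Digest Key 1" lines in the debugs above come from the receiver-side check of OSPFv2 cryptographic authentication (RFC 2328, Appendix D.4). The following is an added worked example of that check, not code or a capture from the thread's routers: a sender appends MD5(packet || key) to a Hello, and the receiver recomputes it with whatever key it has configured under the packet's Key ID. It assumes, as IOS and other implementations do, that a key shorter than 16 bytes is zero-padded to the 16-byte Authentication Key the RFC specifies; the Hello contents, sequence number and reason strings are constructed for the example and only loosely echo the IOS debug wording.

```python
"""OSPFv2 cryptographic authentication (RFC 2328, Appendix D.4) worked through
in code: how a sender appends the MD5 digest and how a receiver rejects a
packet when the key ID or key string on the two ends disagree.

Added example, not code or a capture from the thread's routers. All packet
contents, keys and sequence numbers are constructed here.
"""
import hashlib
import hmac
import ipaddress
import struct

AUTYPE_CRYPTO = 2          # AuType value for cryptographic authentication
AUTH_DATA_LEN = 16         # MD5 digest length, carried in the Auth Data Len field
KEY_LEN = 16               # RFC 2328 D.3: the Authentication Key is 16 bytes
HDR_FMT = "!BBHIIHHHBBI"   # 24-byte OSPFv2 header; for AuType 2 the 8-byte
                           # Authentication field is 0x0000 | Key ID | Auth Len | Seq


def ip2int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def pad_key(key: bytes) -> bytes:
    """Assumption (matches IOS's 16-character key limit and common practice):
    a configured key shorter than 16 bytes is right-padded with zero bytes."""
    if len(key) > KEY_LEN:
        raise ValueError("OSPF MD5 key may be at most 16 bytes")
    return key.ljust(KEY_LEN, b"\x00")


def hello_body(mask: str, dr: str, bdr: str, neighbors=()) -> bytes:
    """Minimal Hello body: mask, HelloInterval, Options, Rtr Pri, DeadInterval,
    DR, BDR, then neighbor Router IDs. Constructed values only."""
    body = struct.pack("!IHBBIII", ip2int(mask), 10, 0x02, 1, 40, ip2int(dr), ip2int(bdr))
    for n in neighbors:
        body += struct.pack("!I", ip2int(n))
    return body


def sign(body: bytes, router_id: str, area_id: int, key_id: int, key: bytes, seq: int) -> bytes:
    """RFC 2328 D.4.3 (send): checksum is zero under AuType 2, Packet Length
    excludes the digest, and MD5(packet || key) is appended after the packet."""
    length = struct.calcsize(HDR_FMT) + len(body)
    header = struct.pack(HDR_FMT, 2, 1, length, ip2int(router_id), area_id,
                         0, AUTYPE_CRYPTO, 0, key_id, AUTH_DATA_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def verify(frame: bytes, configured_keys: dict) -> tuple:
    """RFC 2328 D.4.3 (receive). `configured_keys` maps Key ID to key bytes for
    the receiving interface. Returns (accepted, reason)."""
    hdr_len = struct.calcsize(HDR_FMT)
    if len(frame) < hdr_len + AUTH_DATA_LEN:
        return False, "packet too short"
    (_ver, _type, length, _rid, _aid, _csum, autype, _zero,
     key_id, auth_len, _seq) = struct.unpack(HDR_FMT, frame[:hdr_len])
    if autype != AUTYPE_CRYPTO:
        return False, "authentication type mismatch"
    if auth_len != AUTH_DATA_LEN or len(frame) != length + AUTH_DATA_LEN:
        return False, "bad Auth Data Len"
    key = configured_keys.get(key_id)
    if key is None:
        return False, f"no message-digest-key {key_id} configured on interface"
    expected = hashlib.md5(frame[:length] + pad_key(key)).digest()
    if not hmac.compare_digest(expected, frame[length:]):
        return False, f"Mismatch Authentication Key - Message Digest Key {key_id}"
    return True, "ok"


def demo() -> dict:
    """An R5-side Hello on the area 45 segment (addresses from the thread, packet
    contents constructed), checked against several R4 interface key sets."""
    body = hello_body("255.255.255.0", dr="160.5.54.5", bdr="160.5.54.4", neighbors=["4.4.4.4"])
    frame = sign(body, router_id="5.5.5.5", area_id=45, key_id=1, key=b"cisco", seq=1)
    tampered = bytearray(frame)
    tampered[24 + 6] ^= 0x01   # flip a bit in the Hello Options byte
    return {
        "same_key_and_id": verify(frame, {1: b"cisco"}),
        "same_id_wrong_key": verify(frame, {1: b"Cisco"}),
        "different_key_id": verify(frame, {2: b"cisco"}),
        "tampered_body": verify(bytes(tampered), {1: b"cisco"}),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:20s} {'accept' if ok else 'drop':6s} {reason}")
```

Two details matter for troubleshooting: the Key ID travels in the header, so the receiver looks up exactly that ID (a key under a different ID is simply "not configured"), and the digest covers the whole packet, so any byte difference, not only a different key string, produces the same mismatch reason.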
        



This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:28 GMT-3