Re: Virtual Link Authentication

From: routerjocky (elouie@xxxxxxxxx)
Date: Tue Oct 30 2001 - 00:19:43 GMT-3

As long as the loopback on R4 was created before enabling OSPF, OSPF will
take the loopback interface as its router ID.

The one thing I did notice was the missing area 0 authentication
message-digest on R4's ospf configuration.

-e-
----- Original Message -----
From: "Albert Lu" <albert_ccie@yahoo.com>
To: "'Eric Sarraf'" <esarraf@cisco.com>
Cc: <ccielab@groupstudy.com>; <anawaz@cisco.com>; "'Jon CCIE-study Account'"
<cciestudy@bennedsgaard.dk>
Sent: Monday, October 29, 2001 8:56 PM
Subject: RE: Virtual Link Authentication

> Eric,
>
> Did you know that the area virtual-link command requires a router-id
>
> area area-id virtual-link router-id [authentication [message-digest |
> null]] [hello-interval seconds] [retransmit-interval seconds]
> [transmit-delay seconds] [dead-interval seconds] [[authentication-key key] |
> [message-digest-key keyid md5 key]]
>
> You have not set your router-id for either of your OSPF processes, so it's
> going to use the highest IP address from your interfaces.
>
> The statement:
> area 45 virtual-link 4.4.4.4 authentication message-digest
>
> Is not going to work, since I don't believe 4.4.4.4 is going to be your
> router-id on the other router. I would assume 160.5.54.4 would be the
> router-id.
>
> Albert
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Eric Sarraf
> Sent: Tuesday, October 30, 2001 10:08 AM
> To: Jon CCIE-study Account
> Cc: ccielab@groupstudy.com; anawaz@cisco.com
> Subject: Re: Virtual Link Authentication
>
>
> Here are the configs. Area 0 resides on R5's Serial0. Area 45 is on R4's
> Ethernet0 and R5's Ethernet 1.
>
> Thanks guys for the extra effort.
>
> R4500M-3A-R5#sh run
> Building configuration...
>
> Current configuration : 3653 bytes
> !
> version 12.1
> service timestamps debug datetime
> service timestamps log datetime
> no service password-encryption
> !
> hostname R4500M-3A-R5
> !
> enable password ww
> !
> ip subnet-zero
> no ip finger
> no ip domain-lookup
> !
> !
> source-bridge ring-group 2000
> source-bridge transparent 2000 100 1 10
> dlsw local-peer peer-id 5.5.5.5
> dlsw remote-peer 0 tcp 3.3.3.3 host-netbios-out test2
> dlsw icanreach mac-address 4000.2000.1000 mask ffff.ffff.ffff
> dlsw bridge-group 1
> !
> !
> interface Loopback0
> ip address 5.5.5.5 255.255.255.255
> !
> interface Loopback1
> ip address 160.5.65.1 255.255.255.0
> ip ospf network point-to-point
> !
> interface Loopback2
> ip address 160.5.66.1 255.255.255.0
> ip ospf network point-to-point
> !
> interface Loopback3
> ip address 160.5.67.1 255.255.255.0
> !
> interface Loopback4
> ip address 160.5.68.1 255.255.255.0
> !
> interface Loopback5
> no ip address
> !
> interface Loopback21
> ip address 21.21.21.21 255.255.255.255
> !
> interface Ethernet0
> ip address 160.5.53.5 255.255.255.0
> media-type 10BaseT
> !
> interface Ethernet1
> ip address 160.5.54.5 255.255.255.0
> media-type 10BaseT
> bridge-group 10
> !
> interface Serial0
> ip address 160.5.1.5 255.255.255.248
> ip access-group 5 in
> encapsulation frame-relay
> ip ospf message-digest-key 1 md5 cisco
> ip ospf network non-broadcast
> ip ospf priority 10
> no fair-queue
> clockrate 64000
> frame-relay map ip 160.5.1.1 201 broadcast
> frame-relay map ip 160.5.1.3 100 broadcast
> no frame-relay inverse-arp
> !
> interface Serial1
> no ip address
> shutdown
> !
> interface TokenRing0
> ip address 160.5.5.5 255.255.255.0
> ring-speed 16
> source-bridge 1 1 2000
> source-bridge spanning
> netbios output-access-filter host test
> !
> interface TokenRing1
> ip address 160.1.45.1 255.255.255.0
> shutdown
> ring-speed 16
> !
> router ospf 1
> log-adjacency-changes
> area 0 authentication message-digest
> area 45 virtual-link 4.4.4.4 authentication message-digest
> area 45 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco
> area 55 range 160.5.64.0 255.255.248.0
> redistribute connected subnets
> network 160.5.1.0 0.0.0.255 area 0
> network 160.5.53.0 0.0.0.255 area 5
> network 160.5.54.0 0.0.0.255 area 45
> network 160.5.64.0 0.0.7.255 area 55
> neighbor 160.5.1.1
> neighbor 160.5.1.3
> !
> router bgp 65050
> no synchronization
> bgp log-neighbor-changes
> bgp confederation identifier 5000
> bgp confederation peers 65040
> network 5.5.5.5 mask 255.255.255.255
> neighbor 1.1.1.1 remote-as 65050
> neighbor 1.1.1.1 update-source Loopback0
> neighbor 1.1.1.1 route-reflector-client
> neighbor 3.3.3.3 remote-as 65050
> neighbor 3.3.3.3 update-source Loopback0
> neighbor 3.3.3.3 route-reflector-client
> neighbor 4.4.4.4 remote-as 65040
> neighbor 4.4.4.4 ebgp-multihop 255
> neighbor 4.4.4.4 update-source Loopback0
> !
> ip classless
> no ip http server
> !
> access-list 5 deny 160.5.68.0 0.0.0.255
> access-list 5 permit any
> access-list 10 permit 160.5.65.0 0.0.0.255
> access-list 11 deny 160.5.68.0 0.0.0.255
> access-list 11 permit any
> access-list 165 deny ip host 160.5.68.0 255.255.255.0 0.0.0.255
> access-list 165 permit ip any any
> access-list 200 permit 0x0000 0x0D0D
> access-list 200 deny 0x0000 0xFFFF
> route-map supp permit 10
> match ip address 10
> !
> route-map suppress permit 10
> match ip address 165
> !
> bridge 1 protocol ieee
> bridge 10 protocol ieee
> !
> line con 0
> exec-timeout 0 0
> transport input none
> line aux 0
> line vty 0 4
> password ww
> login
> !
> end
>
>
>
> R2514-4M-R4#sh run
> Building configuration...
>
> Current configuration:
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname R2514-4M-R4
> !
> !
> username R2514-4K-R1 password 0 cisco
> username bangalore password 0 cisco
> ip subnet-zero
> no ip domain-lookup
> isdn switch-type basic-ni
> !
> !
> !
> interface Loopback0
> ip address 4.4.4.4 255.255.255.255
> no ip directed-broadcast
> !
> interface Ethernet0
> ip address 160.5.54.4 255.255.255.0
> no ip directed-broadcast
> !
> interface Serial0
> ip address 150.100.1.5 255.255.255.0
> no ip directed-broadcast
> no ip mroute-cache
> no fair-queue
> !
> interface Serial1
> no ip address
> no ip directed-broadcast
> shutdown
> !
> interface BRI0
> ip address 160.5.14.2 255.255.255.252
> no ip directed-broadcast
> encapsulation ppp
> dialer idle-timeout 300
> dialer map ip 160.5.14.1 name bangalore broadcast 4349062
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 40843490640101 4349064
> isdn spid2 40843490650101 4349065
> no peer neighbor-route
> ppp authentication chap callin
> ppp chap hostname mumbai
> ppp chap password 7 060506324F41
> ppp multilink
> !
> router ospf 1
> area 45 virtual-link 160.5.68.1 authentication message-digest
> area 45 virtual-link 160.5.68.1 message-digest-key 1 md5 cisco
> redistribute connected subnets
> redistribute rip subnets
> network 150.100.1.5 0.0.0.0 area 4
> network 160.5.14.2 0.0.0.0 area 14
> network 160.5.54.0 0.0.0.255 area 45
> !
> router rip
> network 150.100.0.0
> distribute-list 3 out ospf 1
> distribute-list 4 out Serial0
> !
> router bgp 65040
> no synchronization
> bgp confederation identifier 5000
> bgp confederation peers 65050
> network 4.4.4.4 mask 255.255.255.255
> neighbor 5.5.5.5 remote-as 65050
> neighbor 5.5.5.5 ebgp-multihop 3
> neighbor 5.5.5.5 update-source Loopback0
> !
> ip classless
> !
> access-list 2 deny 160.5.0.0
> access-list 2 deny 150.100.0.0 0.0.255.255
> access-list 2 permit any
> access-list 3 permit 195.1.0.0 0.0.30.0
> access-list 4 permit 160.5.0.0 0.0.255.255
> access-list 105 permit ip any host 255.255.255.255
> dialer-list 1 protocol ip permit
> route-map RIP-OSPF permit 10
> match ip address 3
> !
> line con 0
> session-timeout 500
> exec-timeout 0 0
> transport input none
> line aux 0
> line vty 0 4
> password cisco
> login
> !
> end
>
> R4 debug message:
> 03:26:42: OSPF: Rcv pkt from 160.5.54.5, Ethernet0 : Mismatch Authentication Key - Message Digest Key 1
> 03:26:46: OSPF: Send with youngest Key 1
>
> R5 debug message:
> *Nov 22 17:56:56: OSPF: Rcv pkt from 160.5.54.4, Ethernet1 : Mismatch Authentication Key - Message Digest Key 1
> *Nov 22 17:56:56: OSPF: Send with youngest Key 1
>
> At 10:10 PM 10/29/2001 +0100, Jon CCIE-study Account wrote:
> >Hi Eric
> >
> >If you have tried to enable MD authentication on BOTH routers could you
> >provide us with the configurations and debugs from both routers from the
> >non-working example?
> >
> >best regard,
> >Jon
> >----- Original Message -----
> >From: "Eric Sarraf" <esarraf@cisco.com>
> >To: <ccielab@groupstudy.com>
> >Sent: Monday, October 29, 2001 6:50 PM
> >Subject: Virtual Link Authentication
> >
> >
> > > I have enabled message-digest authentication on area 0. There is also a
> > > virtual link between my two routers R4 and R5 residing in area 45 (R5 also
> > > resides in area 0). I have also enabled authentication on the virtual link.
> > > Things work fine with the configurations below. However, if I replace "area
> > > 45 virtual-link 4.4.4.4 authentication" with "area 45 virtual-link 4.4.4.4
> > > authentication message-digest" I get the following error on both routers:
> > >
> > > 1w1d: OSPF: Rcv pkt from 160.5.54.5, Ethernet0 : Mismatch Authentication
> > > Key - Message Digest Key 1
> > >
> > > Why can't I have "message-digest" on my virtual link statement?
> > >
> > > Thanks, Eric
> > >
> > > R5 router:
> > >
> > > router ospf 1
> > > log-adjacency-changes
> > > area 0 authentication message-digest
> > > area 45 virtual-link 4.4.4.4 authentication
> > > area 45 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco
> > > area 55 range 160.5.64.0 255.255.248.0
> > > redistribute connected subnets
> > > network 160.5.1.0 0.0.0.255 area 0
> > > network 160.5.53.0 0.0.0.255 area 5
> > > network 160.5.54.0 0.0.0.255 area 45
> > > network 160.5.64.0 0.0.7.255 area 55
> > > neighbor 160.5.1.1
> > > neighbor 160.5.1.3
> > >
> > >
> > > R4 router:
> > >
> > > router ospf 1
> > > area 45 virtual-link 160.5.68.1 authentication
> > > area 45 virtual-link 160.5.68.1 message-digest-key 1 md5 cisco
> > > redistribute connected subnets
> > > redistribute rip subnets
> > > network 150.100.1.5 0.0.0.0 area 4
> > > network 160.5.14.2 0.0.0.0 area 14
> > > network 160.5.54.0 0.0.0.255 area 45
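One way to check the two points the replies raise (does each end's virtual-link statement target the other end's router ID, and does the area 0 authentication type agree on both ends), as an added Python example that is not from the thread. The two configs are constructed, trimmed copies of the posted R5 and R4 configs, and the rule "highest loopback IP, else highest interface IP" is assumed for routers with no explicit router-id.

```python
import ipaddress
import re
# Constructed, trimmed excerpts of the R5 and R4 configs posted in the thread.
R5_CFG = """
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
interface Loopback4
 ip address 160.5.68.1 255.255.255.0
interface Ethernet1
 ip address 160.5.54.5 255.255.255.0
router ospf 1
 area 0 authentication message-digest
 area 45 virtual-link 4.4.4.4 authentication message-digest
 area 45 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco
"""
R4_CFG = """
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
router ospf 1
 area 45 virtual-link 160.5.68.1 authentication message-digest
 area 45 virtual-link 160.5.68.1 message-digest-key 1 md5 cisco
"""

def parse(cfg):
    loop_ips, other_ips, vlinks, area0_auth, cur = [], [], {}, "none", None
    for s in (line.strip() for line in cfg.splitlines()):
        if s.startswith("interface "):
            cur = s.split()[1]
        elif s.startswith("ip address ") and cur:
            ip = ipaddress.IPv4Address(s.split()[2])
            (loop_ips if cur.startswith("Loopback") else other_ips).append(ip)
        elif m := re.match(r"area 0 authentication(?: (message-digest))?$", s):
            area0_auth = m.group(1) or "simple"
        elif m := re.match(r"area \S+ virtual-link (\S+) authentication(?: (message-digest))?$", s):
            vlinks[m.group(1)] = m.group(2) or "simple"
    # No explicit router-id: assume IOS takes the highest loopback IP, else the highest interface IP.
    return str(max(loop_ips or other_ips)), area0_auth, vlinks

def check_vlink(a_cfg, b_cfg):
    (a_rid, a_auth, a_vl), (b_rid, b_auth, b_vl) = parse(a_cfg), parse(b_cfg)
    problems = []
    if b_rid not in a_vl:
        problems.append(f"A targets {sorted(a_vl)} but B's router-id is {b_rid}")
    if a_rid not in b_vl:
        problems.append(f"B targets {sorted(b_vl)} but A's router-id is {a_rid}")
    # A virtual link is an area 0 link, so the area 0 authentication type must agree on both ends.
    if a_auth != b_auth:
        problems.append(f"area 0 authentication type differs: A={a_auth}, B={b_auth}")
    return problems
```

Run against the posted configs it reports only the missing area 0 authentication on R4, which is the point routerjocky raises; the router-id values already line up.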



This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:28 GMT-3