From: Don Banyong (don_study@xxxxxxxxxxx)
Date: Fri Mar 22 2002 - 14:34:55 GMT-3
Parry,
can you please do a debug ip packet on R1, R2 and on R5 and send it to the
group?
This is one good way we can find out what is really going on those
interfaces
----- Original Message -----
From: "Chua, Parry" <Parry.Chua@compaq.com>
To: "Don Banyong" <don_study@hotmail.com>; "Brian Lodwick"
<xpranax@hotmail.com>
Cc: <ccielab@groupstudy.com>; "Conte, Charles" <Charles.Conte@NASD.com>;
<contec@nasdaq.com>
Sent: Friday, March 22, 2002 4:24 AM
Subject: RE: RE: OSPF authentication per-link *****OSPF AUTHENTICATION 4
DUMMIES plus******
> I just conduct some test again using IOS 12.1(9) and this what I get :
>
> 1. Per-interface autheniifcation
> --------------------------------
> All links in the subnet must enable and set up the same else no neigh will
form.
> Two ip ospf command per interface
> 2. Per-area authenification
> ----------------------------
> You can override or disable the interfaces authenification by using the
keyword null.
> One command in ospf process and one in interface.
>
> (R2)-(DR)-Hub---(R1)[spoke], (R5)[spoke]
>
> 1. Per-interface authentification
> - all interface in the same subnet's must enable and setup
> to the same kind of authentification.
> - verify method, clear ip ospf process and ensure neigh is up.
>
> r5#s ip ospf
> Area 1
> Number of interfaces in this area is 2
> Area has no authentication
> SPF algorithm executed 31 times
>
> r5#
> r5#s ip ospf int s1/0.1
> Serial1/0.1 is up, line protocol is up
> Internet Address 135.1.125.5/28, Area 1
> Process ID 1, Router ID 135.1.5.5, Network Type NON_BROADCAST, Cost: 64
> Neighbor Count is 1, Adjacent neighbor count is 1
> Adjacent with neighbor 135.1.2.2 (Designated Router)
> Suppress hello for 0 neighbor(s)
> Message digest authentication enabled
> Youngest key id is 1
> ====================================================
>
> 2.0 Per area authification
> 2.1 enable area authification
> 2.2 To disable authentification on link in that area
> 2.2.1 - In interface config, ip ospf auth null
>
> R2:
> !
> router ospf 1
> area 1 authentication message-digest
> !
> interface Serial0/0.1 multipoint
> ip address 135.1.125.2 255.255.255.240
> no ip directed-broadcast
> ip pim sparse-dense-mode
> ip ospf authentication null
> -------------------------------
> r2#s ip ospf
> Area 1
> Number of interfaces in this area is 2
> Area has message digest authentication
> SPF algorithm executed 21 times
>
> R2#s ip ospf int s0/0.1
> Serial0/0.1 is up, line protocol is up
> Internet Address 135.1.125.2/28, Area 1
> Process ID 1, Router ID 135.1.2.2, Network Type NON_BROADCAST, Cost: 64
> Transmit Delay is 1 sec, State DR, Priority 255
> Designated Router (ID) 135.1.2.2, Interface address 135.1.125.2
> No backup designated router on this network
> Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
> Hello due in 00:00:00
> Neighbor Count is 2, Adjacent neighbor count is 2
> Adjacent with neighbor 135.1.5.5
> Adjacent with neighbor 135.1.1.1
> Suppress hello for 0 neighbor(s)
>
> r1#s ip ospf
> Routing Process "ospf 1" with ID 135.1.1.1
>
> Area 1
> Number of interfaces in this area is 2
> Area has no authentication
> SPF algorithm executed 13 times
>
> r1#s ip ospf neig
>
> Neighbor ID Pri State Dead Time Address
Interface
> 135.1.2.2 255 FULL/DR 00:01:42 135.1.125.2 Serial0
>
> r5#s ip os
> Area 1
> Number of interfaces in this area is 2
> Area has no authentication
> SPF algorithm executed 35 times
> Parry Chua
> /////////////////////////////////////////////////////////
> -----Original Message-----
> From: Don Banyong [mailto:don_study@hotmail.com]
> Sent: Friday, March 22, 2002 2:44 PM
> To: Brian Lodwick
> Cc: ccielab@groupstudy.com; Conte, Charles; contec@nasdaq.com
> Subject: Re: RE: OSPF authentication per-link *****OSPF AUTHENTICATION 4
> DUMMIES plus******
> //////////////////////////////////////////////////////////
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:17 GMT-3