Re: OSPF md5 authentication

From: kym blair (kymblair@xxxxxxxxxxx)
Date: Thu Jul 04 2002 - 21:05:16 GMT-3

• Next message: Nguyen, Thai: "RE: The old problem of getting /32 loopbacks with class b address es into IGRP as /24 and then advertised out of IGRP elsewhere"
• Previous message: Nick Shah: "Re: OSPF md5 authentication"
• Maybe in reply to: kym blair: "OSPF md5 authentication"
• Next in thread: steven.j.nelson@xxxxxx: "RE: OSPF md5 authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Nick,

This is exactly what I was looking for, the order of installation. I've had
the problem when I configured authentication on each router as I was setting
up ospf; your instructions to set up ospf adjacencies first, then go back to
each router to install authentication (starting with area 0 auth first, then
the interface command) seems to work every time.

Thanks much.

Kym

>From: "Nick Shah" <nshah@connect.com.au>
>To: "kym blair" <kymblair@hotmail.com>, <ccielab@groupstudy.com>
>CC: <tlarus@cox.net>
>Subject: Re: OSPF md5 authentication
>Date: Fri, 5 Jul 2002 09:47:43 +1000
>
>Kym,
>
>Is it safe to assume that the frame cloud is area 0 (or atleast in a single
>area)? In that case, we have something like
>
> R1
> |
>------------
>| |
>
>R2 R3
>
>R1 is the hub router, running multipoint interface, R2 & R3 physical
>interfaces.
>Change type on R1 to non-broadcast
>define ospf interface prio on R2 & R3 to be 0
>Change ospf interface prio on R1 to be 1 or more
>Apply neighbor commands on R1 (this is required, since we are running
>non-broadcast mode)
>
>Adjacency is formed,
>specify area 0 authentication on all three, specify authentication string
>on
>R1's ,R2's & R3's interface.
>
>Should Work. If it doesnt, what does show ip ospf say (the second line
>under
>Area 0, if it mentions authentication).
>
>rgds
>Nick
>----- Original Message -----
>From: "kym blair" <kymblair@hotmail.com>
>To: <ccielab@groupstudy.com>
>Cc: <tlarus@cox.net>; <nshah@connect.com.au>
>Sent: Friday, July 05, 2002 8:03 AM
>Subject: OSPF md5 authentication
>
>
> > This has been discussed several times, but I haven't see a working
>solution
> > and hope someone has it:
> >
> > --MD5 authentication in area 0 over Frame Relay
> >
> > --hub router (multipoint subinterface; okay to change the ospf network
>type)
> >
> > -- two spoke routers (physical serial interface; cannot change the
>interface
> > type from non-broadcast [this means that the three routers must elect
>DR;
> > you may set the priority to 0 on the spoke routers]).
> >
> > Adjacencies without authentication, but when a message-digest-key is
>added
> > to the three, the hub router forms an adjacency with only one of the
>spokes.
> > Generates a mismatch key error with the second spoke router.
> >
> > If you know the trick to get the hub to form adjacencies with both
>spokes,
> > I'd sure appreciate hearing it.
> >
> >
> > Thanks,
> >
> > Kym
> >
> >
> >
> >

• Next message: Nguyen, Thai: "RE: The old problem of getting /32 loopbacks with class b address es into IGRP as /24 and then advertised out of IGRP elsewhere"
• Previous message: Nick Shah: "Re: OSPF md5 authentication"
• Maybe in reply to: kym blair: "OSPF md5 authentication"
• Next in thread: steven.j.nelson@xxxxxx: "RE: OSPF md5 authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:19 GMT-3