From: TK-Network Çözümleri (umit.askan@xxxxxxxxxxxxx)
Date: Thu Jul 25 2002 - 09:38:31 GMT-3
Hi,
yes you can. the way is a little tricky. look my topology. R2 is hub and
R3 and R4( authenticated) spokes.
you must write ip ospf auth under interface, But you have only one int.
Make 2 multipoint subints and give them ip's at the same block.
at the situation you can make auth at one subint.
when you make 2 subints with the same ip block, hub router sees that
block with 2 different int and one packet goes on true int one packet
goes on wrong int.
for solving that problem write static routes or make the ospf net type
point-to-multipont ( inserts host routes ) for saying go along that way.
I tried it for you : look the configs, it is working
R2........................................
interface Loopback0
ip address 10.10.10.1 255.255.255.0
ip ospf network point-to-point
!
interface Serial1/0
no ip address
encapsulation frame-relay
no fair-queue
!
interface Serial1/0.1 multipoint
ip address 1.1.1.1 255.255.255.0
ip ospf network point-to-multipoint
frame-relay map ip 1.1.1.3 203 broadcast
!
nterface Serial1/0.3 multipoint
ip address 1.1.1.2 255.255.255.0
ip ospf authentication
ip ospf authentication-key cisco
ip ospf network point-to-multipoint
frame-relay map ip 1.1.1.4 204 broadcast
!
router ospf 1
log-adjacency-changes
network 1.0.0.0 0.255.255.255 area 0
network 10.0.0.0 0.255.255.255 area 0
R4..........................................................
interface Serial0/0
ip address 1.1.1.4 255.255.255.0
encapsulation frame-relay
ip ospf authentication
ip ospf authentication-key cisco
ip ospf network point-to-multipoint
no arp frame-relay
frame-relay map ip 1.1.1.1 402 broadcast
frame-relay map ip 1.1.1.2 402 broadcast
frame-relay map ip 1.1.1.3 402 broadcast
no frame-relay inverse-arp
!
router ospf 1
log-adjacency-changes
network 1.0.0.0 0.255.255.255 area 0
R3....................................................
interface Serial0/0
ip address 1.1.1.3 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-multipoint
ip ospf priority 0
no fair-queue
no arp frame-relay
frame-relay map ip 1.1.1.1 302 broadcast
frame-relay map ip 1.1.1.2 302 broadcast
frame-relay map ip 1.1.1.4 302 broadcast
no frame-relay inverse-arp
!
router ospf 1
log-adjacency-changes
network 1.0.0.0 0.255.255.255 area 0
........................................................................
........................................................
R4#sh ip rou
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 1.1.1.1/32 [110/781] via 1.1.1.2, 00:16:15, Serial0/0
C 1.1.1.0/24 is directly connected, Serial0/0
O 1.1.1.3/32 [110/829] via 1.1.1.2, 00:16:15, Serial0/0
O 1.1.1.2/32 [110/781] via 1.1.1.2, 00:16:15, Serial0/0
10.0.0.0/24 is subnetted, 1 subnets
O 10.10.10.0 [110/782] via 1.1.1.2, 00:16:15, Serial0/0
........................................................................
.........................................................
R2
Serial1/0.3 is up, line protocol is up
Internet Address 1.1.1.2/24, Area 0
Process ID 1, Router ID 1.1.1.2, Network Type POINT_TO_MULTIPOINT,
Cost: 48
Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT,
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
Hello due in 00:00:09
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.4
Suppress hello for 0 neighbor(s)
Simple password authentication enabled
............................................. OKI DOKI
.................................
Serial1/0.1 is up, line protocol is up
Internet Address 1.1.1.1/24, Area 0
Process ID 1, Router ID 1.1.1.2, Network Type POINT_TO_MULTIPOINT,
Cost: 48
Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT,
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
Hello due in 00:00:22
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.3
Suppress hello for 0 neighbor(s)
Hope this helps
best Regards
umit
-----Original Message-----
From: yakout esmat [mailto:yesmat@iprimus.com.au]
Sent: Thursday, July 25, 2002 14:09
To: Groupstudy
Subject: OSPF interface authentication (not area authent.)
I have come across a OSPF Interface authentication issue might or might
not
be of significance.
If we have hub and two spokes in frame relay network sharing the same
subnet.
If I do interface authentication between the hub and one of the spokes
only,
I lose adjancey with the other spoke understandably.
Is there a way with which we can do interface ONLY authentication (not
are
authentication) between hub and only one of the spokes without loosing
the
other spoke??
I would think not, but if any body has insight on this issue, would be
appreciated.
Cheers
Yakout
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:43 GMT-3