RE: OSPF interface authentication (not area authent.)

From: yakout esmat (yesmat@xxxxxxxxxxxxxx)
Date: Thu Jul 25 2002 - 11:00:32 GMT-3


   
Obviously this is a working solution. I never tried to put two subinterfaces
on the same subnet, thinking that the behaviour would be similar to putting
two physical interfaces on the same subnet (overlapping).

Thanks for your help.

Yakout

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Ümit Askan (TK-Network Çözümleri)
Sent: Thursday, July 25, 2002 10:39 PM
To: 'yakout esmat'
Cc: Ccie (E-mail)
Subject: RE: OSPF interface authentication (not area authent.)

Hi,

Yes, you can. The way is a little tricky. Look at my topology: R2 is the hub,
and R3 and R4 (authenticated) are the spokes.
You must write ip ospf auth under the interface, but you have only one int.
Make 2 multipoint subints and give them IPs in the same block.
In that situation you can make auth on one subint.
When you make 2 subints with the same IP block, the hub router sees that
block with 2 different ints, and one packet goes on the true int, one packet
goes on the wrong int.
To solve that problem, write static routes or make the OSPF net type
point-to-multipoint (inserts host routes) to say go along that way.

I tried it for you: look at the configs, it is working.

R2........................................

interface Loopback0
 ip address 10.10.10.1 255.255.255.0
 ip ospf network point-to-point
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 no fair-queue
!
interface Serial1/0.1 multipoint
 ip address 1.1.1.1 255.255.255.0
 ip ospf network point-to-multipoint
 frame-relay map ip 1.1.1.3 203 broadcast
!
interface Serial1/0.3 multipoint
 ip address 1.1.1.2 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key cisco
 ip ospf network point-to-multipoint
 frame-relay map ip 1.1.1.4 204 broadcast
!
router ospf 1
 log-adjacency-changes
 network 1.0.0.0 0.255.255.255 area 0
 network 10.0.0.0 0.255.255.255 area 0

R4..........................................................

interface Serial0/0
 ip address 1.1.1.4 255.255.255.0
 encapsulation frame-relay
 ip ospf authentication
 ip ospf authentication-key cisco
 ip ospf network point-to-multipoint
 no arp frame-relay
 frame-relay map ip 1.1.1.1 402 broadcast
 frame-relay map ip 1.1.1.2 402 broadcast
 frame-relay map ip 1.1.1.3 402 broadcast
 no frame-relay inverse-arp
!
router ospf 1
 log-adjacency-changes
 network 1.0.0.0 0.255.255.255 area 0

R3....................................................

interface Serial0/0
 ip address 1.1.1.3 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-multipoint
 ip ospf priority 0
 no fair-queue
 no arp frame-relay
 frame-relay map ip 1.1.1.1 302 broadcast
 frame-relay map ip 1.1.1.2 302 broadcast
 frame-relay map ip 1.1.1.4 302 broadcast
 no frame-relay inverse-arp
!
router ospf 1
 log-adjacency-changes
 network 1.0.0.0 0.255.255.255 area 0

........................................................................

R4#sh ip rou
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 1.1.1.1/32 [110/781] via 1.1.1.2, 00:16:15, Serial0/0
C 1.1.1.0/24 is directly connected, Serial0/0
O 1.1.1.3/32 [110/829] via 1.1.1.2, 00:16:15, Serial0/0
O 1.1.1.2/32 [110/781] via 1.1.1.2, 00:16:15, Serial0/0
     10.0.0.0/24 is subnetted, 1 subnets
O 10.10.10.0 [110/782] via 1.1.1.2, 00:16:15, Serial0/0

........................................................................

R2
Serial1/0.3 is up, line protocol is up
  Internet Address 1.1.1.2/24, Area 0
  Process ID 1, Router ID 1.1.1.2, Network Type POINT_TO_MULTIPOINT, Cost: 48
  Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT,
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    Hello due in 00:00:09
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.4
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled
............................................. OKI DOKI
.................................
Serial1/0.1 is up, line protocol is up
  Internet Address 1.1.1.1/24, Area 0
  Process ID 1, Router ID 1.1.1.2, Network Type POINT_TO_MULTIPOINT, Cost: 48
  Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT,
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    Hello due in 00:00:22
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.3
  Suppress hello for 0 neighbor(s)

Hope this helps
best Regards
umit

-----Original Message-----
From: yakout esmat [mailto:yesmat@iprimus.com.au]
Sent: Thursday, July 25, 2002 14:09
To: Groupstudy
Subject: OSPF interface authentication (not area authent.)

I have come across an OSPF interface authentication issue that might or might
not be of significance.

If we have a hub and two spokes in a frame relay network sharing the same
subnet.

If I do interface authentication between the hub and one of the spokes only,
I lose adjacency with the other spoke, understandably.

Is there a way with which we can do interface ONLY authentication (not area
authentication) between the hub and only one of the spokes without losing the
other spoke??

I would think not, but if anybody has insight on this issue, it would be
appreciated.

Cheers

Yakout
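
An added example, not part of the original thread: a small Python audit that reads IOS interface stanzas and reports subnets whose interfaces carry different OSPF authentication settings, which is exactly the state R2's two subinterfaces are in above. The sample input is R2's config from the thread, trimmed; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: R2's two subinterfaces from the thread, trimmed to the
# lines that matter for OSPF authentication.
R2_CONFIG = """\
interface Serial1/0.1 multipoint
 ip address 1.1.1.1 255.255.255.0
 ip ospf network point-to-multipoint
!
interface Serial1/0.3 multipoint
 ip address 1.1.1.2 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key cisco
 ip ospf network point-to-multipoint
!
"""

def parse_interfaces(config):
    """Return {interface: {"network": IPv4Network or None, "auth": str}}."""
    result, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            # Any unindented line ends the previous stanza.
            m = re.match(r"interface (\S+)", line)
            current = result.setdefault(
                m.group(1), {"network": None, "auth": "none"}) if m else None
            continue
        if current is None:
            continue
        words = line.split()
        if words[:2] == ["ip", "address"] and len(words) >= 4:
            current["network"] = ipaddress.ip_interface(
                f"{words[2]}/{words[3]}").network
        elif words[:3] == ["ip", "ospf", "authentication"]:
            # Bare command = simple password; "message-digest" = MD5;
            # "null" = explicitly no authentication.
            mode = words[3] if len(words) > 3 else "simple"
            current["auth"] = "none" if mode == "null" else mode
    return result

def mixed_auth_subnets(interfaces):
    """Return {subnet: {interface: auth}} where interfaces on a subnet disagree."""
    by_net = {}
    for name, info in interfaces.items():
        if info["network"] is not None:
            by_net.setdefault(str(info["network"]), {})[name] = info["auth"]
    return {n: i for n, i in by_net.items() if len(set(i.values())) > 1}

if __name__ == "__main__":
    for net, ifs in mixed_auth_subnets(parse_interfaces(R2_CONFIG)).items():
        print(net, ifs)
```
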



This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:43 GMT-3