From: ccie2be (ccie2be@nyc.rr.com)
Date: Tue Aug 12 2003 - 00:14:49 GMT-3
Hi,
I'm going to venture a reply to this situation. I'm not at all sure this is
a correct answer but hopefully someone will confirm or correct my response.
At first, I didn't even think it was possible to have different passwords on
the same subnet but when I read through your config's I came up with a
theory that might explain what's going on.
As with RIP v2, OSPF allows multiple different md5 keys to be in effect at
the same time. This is so passwords can be changed without being down ospf
adjacencies. Based on the sequence of neighbor adjacencies and the key
number, it seems that first the adjacency using key 1 has to formed before
the adjacency using key 2.
I wonder what would happen if to begin all 3 routers were configured with
the same password and key # and then the key # and password were changed
just between R5 and one of the other routers.
dt
----- Original Message -----
From: <wwwjjang@chol.com>
To: <ccielab@groupstudy.com>
Sent: Monday, August 11, 2003 10:05 PM
Subject: OSPF's interface Authenticaion !!!!
> Hi..Everyone
>
> When i config a OSPF's interface Authenticaion ,
> it don't work well !!
>
> Please help me..
>
> ---------
> Question
> ----------
> - R5(S 1.1 multipoint),R1(S1) & R6(S1) is connected with a FR-network
> & covered with a OSPF area 0 & in a same subnet
> - Configure the strongest form of authentication on R1 & R6 across
> the frame network
> - Ensure that the authentication passwords on R1 & R6 are different.
> use a 'test1' on R1 and 'test2' on R6.
> -OSPF's Router ID is 133.10.x.x (x= the # of router)
> (ex R1's id= 133.10.1.1)
> -----------
> My answer
> -----------
> R5>
> ----
> interface Serial1.1 multipoint
> ip address 133.10.156.5 255.255.255.0
> ip ospf authentication message-digest **
> ip ospf message-digest-key 1 md5 password1 **
> ip ospf message-digest-key 2 md5 password6 **
> frame-relay map ip 133.10.156.1 501 broadcast
> frame-relay map ip 133.10.156.6 506 broadcast
> -----
> R1>
> -----
> interface Serial0
> ip address 133.10.156.1 255.255.255.0
> encapsulation frame-relay
> ip ospf authentication message-digest **
> ip ospf message-digest-key 1 md5 password1 **
> ip ospf priority 0
> frame-relay map ip 133.10.156.5 105 broadcast
> frame-relay map ip 133.10.156.6 105 broadcast
> no frame-relay inverse-arp
> frame-relay lmi-type ansi
> ----
> R6>
> -----
> interface Serial1
> ip address 133.10.156.6 255.255.255.0
> encapsulation frame-relay
> ip ospf authentication message-digest **
> ip ospf message-digest-key 2 md5 password6 **
> ip ospf priority 0
> frame-relay map ip 133.10.156.1 605 broadcast
> frame-relay map ip 133.10.156.5 605 broadcast
> no frame-relay inverse-arp
> frame-relay lmi-type ansi
>
> => But the neighbor relationship between R5 & R1 is not established !!
> (R5 & R6's is established !!)
> R5#sh ip ospf neighbor
>
> Neighbor ID Pri State Dead Time Address
Interface
> 133.10.6.6 0 FULL/DROTHER 00:01:49 133.10.156.6
Serial1.1
> N/A 0 ATTEMPT/DROTHER - 133.10.156.1
Serial1.1
>
>
>
> =>Fitst, When i remove the R5-R6's authentication, the Neighbor relation
is
> between R5 & R1 established (it's trivial)
>
> R5(config)#interface Serial1.1 multipoint
> R5(config-subif)#no ip ospf message-digest-key 2 md5 password6
> 00:26:55: %OSPF-5-ADJCHG: Process 1, Nbr 133.10.1.1 on Serial1.1 from
LOADING to FULL, Loading Done
>
> => Second, When i add a the R5-R6's authentication, the Neighbor relation
is
> between R5 & R6 established
>
> R5(config)#interface Serial1.1 multipoint
> R5(config-subif)#ip ospf message-digest-key 2 md5 password6
>
> 00:30:29: %OSPF-5-ADJCHG: Process 1, Nbr 133.10.6.6 on Serial1.1 from
LOADING to FULL, Loading Done
>
> => the ospf neighboring between R5 & R1, R5 & R6 are established !!!
>
> R5#sh ip ospf neighbor
>
> Neighbor ID Pri State Dead Time Address
Interface
> 133.10.1.1 0 FULL/DROTHER 00:01:34 133.10.156.1
Serial1.1
> 133.10.6.6 0 FULL/DROTHER 00:01:52 133.10.156.6
Serial1.1
>
> =>what the reason of this situation !!!
> who know the reason, Help me !!!!
>
> Thanks .
>
>
> _______________________________________________________________________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:53:57 GMT-3