From: ccie2be (ccie2be@nyc.rr.com)
Date: Sun Nov 21 2004 - 20:01:29 GMT-3
Excellent job !!!
And, thanks for posting this.
So, the key to getting this to work is using the ip ospf network type p2m,
it seems, right?
I take it no other network types will work.
Tim
----- Original Message -----
From: "JB" <barrerj1@hotmail.com>
To: "'ccie2be'" <ccie2be@nyc.rr.com>; "'Bhagwanani, Pankaj'"
<pankaj.bhagwanani@eds.com>; <ccielab@groupstudy.com>
Sent: Tuesday, October 05, 2004 4:44 PM
Subject: RE: Physical/multipoing Serial OSPF authentication different
password s Md5
> I got it working...
>
> R5 authenticate R2 with password2
> R5 authenticate R4 with password4
>
> Ip ospf network point-to mu
>
>
>
> Rack2R5#sh run int s0/0.245
> Building configuration...
>
> Current configuration : 336 bytes
> !
> interface Serial0/0.245 multipoint
> ip address 136.2.245.5 255.255.255.0
> ip ospf authentication message-digest
> ip ospf message-digest-key 2 md5 password2
> ip ospf message-digest-key 4 md5 password4
> ip ospf network point-to-multipoint
> frame-relay map ip 136.2.245.2 502 broadcast
> frame-relay map ip 136.2.245.4 504 broadcast
>
>
> !
> !
> Neighbor ID Pri State Dead Time Address
Interface
> 150.2.4.4 0 FULL/ - 00:01:46 136.2.245.4
> Serial0/0.245
> 150.2.2.2 0 FULL/ - 00:01:36 136.2.245.2
> Serial0/0.245
> 150.2.1.1 0 FULL/ - 00:00:35 136.2.15.1
> Serial0/0.15
>
>
>
>
>
> Rack2R2#sh run int s0/0
> Building configuration...
>
> Current configuration : 286 bytes
> !
> interface Serial0/0
> ip address 136.2.245.2 255.255.255.0
> encapsulation frame-relay
> ip ospf authentication message-digest
> ip ospf message-digest-key 2 md5 password2
> ip ospf network point-to-multipoint
> frame-relay map ip 136.2.245.5 205 broadcast
> no frame-relay inverse-arp
> end
>
> Rack2R2#sh ip os
> Rack2R2#sh ip ospf nei
> Rack2R2#sh ip ospf neighbor
>
> Neighbor ID Pri State Dead Time Address
Interface
> 150.2.5.5 0 FULL/ - 00:01:31 136.2.245.5
Serial0/0
>
>
>
>
>
> Rack2R4#sh run int s0/0
> Building configuration...
>
> Current configuration : 286 bytes
> !
> interface Serial0/0
> ip address 136.2.245.4 255.255.255.0
> encapsulation frame-relay
> ip ospf authentication message-digest
> ip ospf message-digest-key 4 md5 password4
> ip ospf network point-to-multipoint
> frame-relay map ip 136.2.245.5 405 broadcast
> no frame-relay inverse-arp
> end
>
> Rack2R4#sh ip os
> Rack2R4#sh ip ospf nei
> Rack2R4#sh ip ospf neighbor
>
> Neighbor ID Pri State Dead Time Address
Interface
> 150.2.5.5 0 FULL/ - 00:01:37 136.2.245.5
Serial0/0
>
>
>
>
>
> Performed
> Clear ip ospf proccess:
>
>
>
>
> Rack2R5#clear ip ospf process
> Reset ALL OSPF processes? [no]: y
> Rack2R5#
> Rack2R5#
> Rack2R5#
> Rack2R5#
> Rack2R5#
> Rack2R5#
> Rack2R5#
> *Mar 1 20:47:16.770: %OSPF-5-ADJCHG: Process 100, Nbr 150.2.4.4 on
> Serial0/0.245 from FULL to DOWN, Neighbor Down: Interface down or detached
> *Mar 1 20:47:16.770: %OSPF-5-ADJCHG: Process 100, Nbr 150.2.2.2 on
> Serial0/0.245 from FULL to DOWN, Neighbor Down: Interface down or detached
> *Mar 1 20:47:16.770: %OSPF-5-ADJCHG: Process 100, Nbr 150.2.1.1 on
> Serial0/0.15 from FULL to DOWN, Neighbor Down: Interface down or detached
> Rack2R5#
> Rack2R5#
> Rack2R5#
> Rack2R5#
> Rack2R5#
> *Mar 1 20:47:18.558: %OSPF-5-ADJCHG: Process 100, Nbr 150.2.1.1 on
> Serial0/0.15 from LOADING to FULL, Loading Done
> Rack2R5#sh ip os
> Rack2R5#sh ip ospf nei
> Rack2R5#sh ip ospf neighbor
>
> Neighbor ID Pri State Dead Time Address
Interface
> 150.2.2.2 0 EXSTART/ - 00:01:58 136.2.245.2
> Serial0/0.245
> 150.2.1.1 0 FULL/ - 00:00:38 136.2.15.1
> Serial0/0.15
> Rack2R5#
> *Mar 1 20:47:43.786: %OSPF-5-ADJCHG: Process 100, Nbr 150.2.2.2 on
> Serial0/0.245 from LOADING to FULL, Loading Done
> Rack2R5#sh ip ospf neighbor
> *Mar 1 20:47:46.602: %OSPF-5-ADJCHG: Process 100, Nbr 150.2.4.4 on
> Serial0/0.245 from LOADING to FULL, Loading Done
> Rack2R5#sh ip ospf neighbor
>
> Neighbor ID Pri State Dead Time Address
Interface
> 150.2.4.4 0 FULL/ - 00:01:58 136.2.245.4
> Serial0/0.245
> 150.2.2.2 0 FULL/ - 00:01:58 136.2.245.2
> Serial0/0.245
> 150.2.1.1 0 FULL/ - 00:00:39 136.2.15.1
> Serial0/0.15
>
>
>
>
> Sessions are established:
>
> Debug adjacencies
>
> I can see the exchange of the respective keys:
>
>
>
>
>
>
> Rack2R5#debug ip ospf ?
> adj OSPF adjacency events
> database-timer OSPF database timer
> events OSPF events
> flood OSPF flooding
> hello OSPF hello events
> lsa-generation OSPF lsa generation
> mpls OSPF MPLS
> nsf OSPF non-stop forwarding events
> packet OSPF packets
> retransmission OSPF retransmission events
> spf OSPF spf
> tree OSPF database tree
>
> Rack2R5#debug ip ospf ad
> Rack2R5#debug ip ospf adj
> OSPF adjacency events debugging is on
> Rack2R5#clear ip os
> Rack2R5#clear ip ospf pro
> Rack2R5#clear ip ospf process
> Reset ALL OSPF processes? [no]: y
> Rack2R5#
> Rack2R5#
> *Mar 1 20:49:42.658: OSPF: Send with key 2
> *Mar 1 20:49:42.658: OSPF: Send with key 4
> *Mar 1 20:49:42.698: OSPF: Interface Serial0/0.245 going Down
> *Mar 1 20:49:42.698: OSPF: 150.2.5.5 address 136.2.245.5 on Serial0/0.245
> is dead, state DOWN
> *Mar 1 20:49:42.698: OSPF: 150.2.4.4 address 136.2.245.4 on Serial0/0.245
> is dead, state DOWN
> *Mar 1 20:49:42.698: %OSPF-5-ADJCHG: Process 100, Nbr 150.2.4.4 on
> Serial0/0.245 from FULL to DOWN, Neighbor Down: Interface down or detached
> *Mar 1 20:49:42.698: OSPF: 150.2.2.2 address 136.2.245.2 on Serial0/0.245
> is dead, state DOWN
> *Mar 1 20:49:42.698: %OSPF-5-ADJCHG: Process 100, Nbr 150.2.2.2 on
> Serial0/0.245 from FULL to DOWN, Neighbor Down: Interface down or detached
> *Mar 1 20:49:42.698: OSPF: Interface Serial0/0.15 going Down
> *Mar 1 20:49:42.698: OSPF: 150.2.5.5 address 136.2.15.5 on Serial0/0.15
is
> dead, state DOWN
> *Mar 1 20:49:42.698: OSPF: 150.2.1.1 address 136.2.15.1 on Serial0/0.15
is
> dead, state DOWN
> *Mar 1 20:49:42
> Rack2R5#
> Rack2R5#
> Rack2R5#.698: %OSPF-5-ADJCHG: Process 100, Nbr 150.2.1.1 on Serial0/0.15
> from FULL to DOWN, Neighbor Down: Interface down or detached
> *Mar 1 20:49:42.710: OSPF: Interface Serial0/0.245 going Up
> *Mar 1 20:49:42.710: OSPF: Send with youngest Key 4
> *Mar 1 20:49:42.710: OSPF: Interface Serial0/0.15 going Up
> *Mar 1 20:49:43.198: OSPF: Build router LSA for area 0, router ID
> 150.2.5.5, seq 0x80000001
> Rack2R5#
> *Mar 1 20:49:48.178: OSPF: 2 Way Communication to 150.2.1.1 on
> Serial0/0.15, state 2WAY
> *Mar 1 20:49:48.178: OSPF: Send DBD to 150.2.1.1 on Serial0/0.15 seq
0x552
> opt 0x52 flag 0x7 len 32
> *Mar 1 20:49:48.274: OSPF: Rcv DBD from 150.2.1.1 on Serial0/0.15 seq
> 0x14C2 opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART
> *Mar 1 20:49:48.274: OSPF: First DBD and we are not SLAVE
> *Mar 1 20:49:48.306: OSPF: Rcv DBD from 150.2.1.1 on Serial0/0.15 seq
0x552
> opt 0x52 flag 0x2 len 132 mtu 1500 state EXSTART
> *Mar 1 20:49:48.306: OSPF: NBR Negotiation Done. We are the MASTER
> *Mar 1 20:49:48.310: OSPF: Send DBD to 150.2.1.1 on Serial0/0.15 seq
0x553
> opt 0x52 flag 0x3 len 52
> *Mar 1 20:49:48.310: OSPF: Database request to 150.2.1.1
> *Mar 1 20:49:48.310: OSPF: sent LS REQ packet to 136.2.15.1, length 60
> *Mar 1 20:49:48.474: OSPF: Rcv DBD from 150.2.1.1 on Serial0/0.15 seq
0x553
> opt 0x52 flag 0x0 len 32 mtu 1500 state EXCHANGE
> *Mar 1 20:49:48.474: OSPF: Send DBD to 150.2.1.1 on Seri
> Rack2R5#al0/0.15 seq 0x554 opt 0x52 flag 0x1 len 32
> *Mar 1 20:49:48.574: OSPF: Rcv DBD from 150.2.1.1 on Serial0/0.15 seq
0x554
> opt 0x52 flag 0x0 len 32 mtu 1500 state EXCHANGE
> *Mar 1 20:49:48.574: OSPF: Exchange Done with 150.2.1.1 on Serial0/0.15
> *Mar 1 20:49:48.574: OSPF: Synchronized with 150.2.1.1 on Serial0/0.15,
> state FULL
> *Mar 1 20:49:48.574: %OSPF-5-ADJCHG: Process 100, Nbr 150.2.1.1 on
> Serial0/0.15 from LOADING to FULL, Loading Done
> Rack2R5#
> *Mar 1 20:49:49.074: OSPF: Build router LSA for area 0, router ID
> 150.2.5.5, seq 0x80000002
> Rack2R5#
> *Mar 1 20:49:54.634: OSPF: Build router LSA for area 0, router ID
> 150.2.5.5, seq 0x8000001C
> Rack2R5#
> *Mar 1 20:50:08.526: OSPF: 2 Way Communication to 150.2.2.2 on
> Serial0/0.245, state 2WAY
> *Mar 1 20:50:08.526: OSPF: Send DBD to 150.2.2.2 on Serial0/0.245 seq
0xDDC
> opt 0x52 flag 0x7 len 32
> *Mar 1 20:50:08.526: OSPF: Send with key 2
> *Mar 1 20:50:08.530: OSPF: Send with key 4
> *Mar 1 20:50:08.590: OSPF: Rcv DBD from 150.2.2.2 on Serial0/0.245 seq
> 0x1833 opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART
> *Mar 1 20:50:08.590: OSPF: First DBD and we are not SLAVE
> Rack2R5#
> *Mar 1 20:50:12.710: OSPF: Send with key 2
> *Mar 1 20:50:12.710: OSPF: Send with key 4
> *Mar 1 20:50:13.530: OSPF: Send DBD to 150.2.2.2 on Serial0/0.245 seq
0xDDC
> opt 0x52 flag 0x7 len 32
> *Mar 1 20:50:13.530: OSPF: Send with key 2
> *Mar 1 20:50:13.530: OSPF: Send with key 4
> *Mar 1 20:50:13.530: OSPF: Retransmitting DBD to 150.2.2.2 on
Serial0/0.245
> [1]
> *Mar 1 20:50:13.586: OSPF: Rcv DBD from 150.2.2.2 on Serial0/0.245 seq
> 0x1833 opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART
> *Mar 1 20:50:13.586: OSPF: First DBD and we are not SLAVE
> *Mar 1 20:50:13.626: OSPF: Rcv DBD from 150.2.2.2 on Serial0/0.245 seq
> 0xDDC opt 0x52 flag 0x2 len 132 mtu 1500 state EXSTART
> *Mar 1 20:50:13.626: OSPF: NBR Negotiation Done. We are the MASTER
> *Mar 1 20:50:13.626: OSPF: Send DBD to 150.2.2.2 on Serial0/0.245 seq
0xDDD
> opt 0x52 flag 0x3 len 152
> *Mar 1 20:50:13.626: OSPF: Send with key 2
> *Mar 1 20:50:13.630: OSPF: Send with key 4
> *Mar 1 20:50:13.630: OSPF: Send with key 2
> *Mar
> Rack2R5#1 20:50:13.630: OSPF: Send with key 4
> *Mar 1 20:50:13.630: OSPF: Database request to 150.2.2.2
> *Mar 1 20:50:13.630: OSPF: sent LS REQ packet to 136.2.245.2, length 12
> *Mar 1 20:50:13.718: OSPF: Rcv DBD from 150.2.2.2 on Serial0/0.245 seq
> 0xDDD opt 0x52 flag 0x0 len 32 mtu 1500 state EXCHANGE
> *Mar 1 20:50:13.718: OSPF: Send DBD to 150.2.2.2 on Serial0/0.245 seq
0xDDE
> opt 0x52 flag 0x1 len 32
> *Mar 1 20:50:13.722: OSPF: Send with key 2
> *Mar 1 20:50:13.722: OSPF: Send with key 4
> *Mar 1 20:50:13.730: OSPF: Send with key 2
> *Mar 1 20:50:13.730: OSPF: Send with key 4
> *Mar 1 20:50:13.782: OSPF: Rcv DBD from 150.2.2.2 on Serial0/0.245 seq
> 0xDDE opt 0x52 flag 0x0 len 32 mtu 1500 state EXCHANGE
> *Mar 1 20:50:13.782: OSPF: Exchange Done with 150.2.2.2 on Serial0/0.245
> *Mar 1 20:50:13.782: OSPF: Synchronized with 150.2.2.2 on Serial0/0.245,
> state FULL
> *Mar 1 20:50:13.782: %OSPF-5-ADJCHG: Process 100, Nbr 150.2.2.2 on
> Serial0/0.245 from LOADING to FULL, Loading Done
> *Mar 1 20:50:14.286: OSPF: Send with key 2
> *Mar 1 20:50:14.286: OSPF: Send with key 4
> *Mar 1 20:50:14.286: OSPF: Build router LSA for area 0, router ID
> 150.2.5.5, seq 0x8000001D
> *Mar 1 20:50:15.346: OSPF: 2 Way Communication to 150.2.4.4 on
> Serial0/0.245, state 2WAY
> *Mar 1 20:50:15.346: OSPF: Send DBD to 150.2.4.4 on Serial0/0.245 seq
> 0x14EF opt 0x52 flag 0x7 len 32
> *Mar 1 20:50:15.346: OSPF: Send with key 2
> *Mar 1 20:50:15.346: OSPF: Send with key 4
> *Mar 1 20:50:15.422: OSPF: Rcv DBD from 150.2.4.4 on Serial0/0.245 seq
> 0x1BDC opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART
> *Mar 1 20:50:15.422: OSPF: First DBD and we are not SLAVE
> *Mar 1 20:50:15.462: OSPF: Rcv DBD from 150.2.4.4 on Serial0/0.245 seq
> 0x14EF opt 0x52 flag 0x2 len 132 mtu 1500 state EXSTART
> *Mar 1 20:50:15.462: OSPF: NBR Negotiation Done. We are the MASTER
> *Mar 1 20:50:15.462: OSPF: Send DBD to 150.2.4.4 on Serial0/0.245 seq
> 0x14F0 opt 0x52 flag 0x3 len 152
> *Mar 1 20:50:15.462: OSPF: Send with key 2
> *Mar 1 20:50:15.462: OSPF: Send with key 4
> *Mar 1 20:50:15.466: OSPF: Send with key 2
> *Mar 1 20:50:15.466: OSPF: Send with key 4
> *Mar 1 20:50:15.466: OSPF: Database request to 150.2.4.4
> *Mar 1 20:50:15.466: OSPF: sent LS REQ packet to 136.2.245.4, length 12
> *Mar 1 20:50:15.586: OSPF: Rcv DBD from 150.2.4.4 on Serial0/0.245 seq
> 0x14F0 opt 0x52 flag 0x0 len 32 mtu 1500 state EXCHANGE
> *Mar 1 20:50:15.586: OSPF: Send DBD to 150.2.4.4 on Serial0/0.245 seq
> 0x14F1 opt 0x52 flag 0x1 len 32
> *Mar 1 20:50:15.586: OSPF: Send with key 2
> *Mar 1 20:50:15.586: OSPF: Send with key 4
> *Mar 1 20:50:15.598: OSPF: Send with key 2
> *Mar 1 20:50:15.598: OSPF: Send with key 4
> *Mar 1 20:50:15.614: OSPF: Send with key 2
> *Mar 1 20:50:15.614: OSPF: Send with key 4
> *Mar 1 20:50:15.662: OSPF: Rcv DBD from 150.2.4.4 on Serial0/0.245 seq
> 0x14F1 opt 0x52 flag 0x0 len 32 mtu 1500 state EXCHANGE
> *Mar 1 20:50:15.662: OSPF: Exchange Done with 150.2.4.4 on Serial0/0.245
> *Mar 1 20:50:15.662: OSPF: Synchronized with 150.2.4.4 on Serial0/0.245,
> state FULL
> *Mar 1 20:50:15.662: %OSPF-5-ADJCHG: Process 100, Nbr 150.2.4.4 on
> Serial0/0.245 from LOADING to FULL, Loading Done
> *Mar 1 20:50:16.262: OSPF: Send with key 2
> *Mar 1 20:50:16.262: OSPF: Send with key 4
> Rack2R5#
> Rack2R5#
> *Mar 1 20:50:19.202: OSPF: Send with key 2
> *Mar 1 20:50:19.202: OSPF: Send with key 4
> *Mar 1 20:50:19.254: OSPF: Send with key 2
> *Mar 1 20:50:19.254: OSPF: Send with key 4
> Rack2R5#
> *Mar 1 20:50:20.234: OSPF: Send with key 2
> *Mar 1 20:50:20.234: OSPF: Send with key 4
> *Mar 1 20:50:20.238: OSPF: Build router LSA for area 0, router ID
> 150.2.5.5, seq 0x8000001E
> Rack2R5#
> *Mar 1 20:50:21.758: OSPF: Send with key 2
> *Mar 1 20:50:21.758: OSPF: Send with key 4
> *Mar 1 20:50:22.438: OSPF: Send with key 2
> *Mar 1 20:50:22.442: OSPF: Send with key 4
> Rack2R5#
> *Mar 1 20:50:24.942: OSPF: Send with key 2
> *Mar 1 20:50:24.942: OSPF: Send with key 4
> Rack2R5#sh ip os
> Rack2R5#sh ip ospf nei
> Rack2R5#sh ip ospf neighbor
>
> Neighbor ID Pri State Dead Time Address
Interface
> 150.2.4.4 0 FULL/ - 00:01:50 136.2.245.4
> Serial0/0.245
> 150.2.2.2 0 FULL/ - 00:01:52 136.2.245.2
> Serial0/0.245
> 150.2.1.1 0 FULL/ - 00:00:36 136.2.15.1
> Serial0/0.15
> Rack2R5#
> *Mar 1 20:50:42.710: OSPF: Send with key 2
> *Mar 1 20:50:42.710: OSPF: Send with key 4
> Rack2R5#
> *Mar 1 20:51:12.710: OSPF: Send with key 2
> *Mar 1 20:51:12.710: OSPF: Send with key 4
> Rack2R5#
> *Mar 1 20:51:42.710: OSPF: Send with key 2
> *Mar 1 20:51:42.710: OSPF: Send with key 4
> Rack2R5#
> *Mar 1 20:52:12.710: OSPF: Send with key 2
> *Mar 1 20:52:12.710: OSPF: Send with key 4
> Rack2R5#
> *Mar 1 20:52:42.710: OSPF: Send with key 2
> *Mar 1 20:52:42.710: OSPF: Send with key 4
> Rack2R5#
> *Mar 1 20:53:12.710: OSPF: Send with key 2
> *Mar 1 20:53:12.710: OSPF: Send with key 4
>
> Continues by exchanging Keys
>
>
>
>
>
> Any comments?
>
> JB
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> ccie2be
> Sent: Thursday, November 18, 2004 7:17 AM
> To: Bhagwanani, Pankaj; ccielab@groupstudy.com
> Subject: Re: Physical/multipoing Serial OSPF authentication different
> password s Md5
>
> I don't think this can be done.
>
> I think the rule is: same subnet, same password.
>
> Please, if I'm mistaken, someone correct me.
>
>
> ----- Original Message -----
> From: "Bhagwanani, Pankaj" <pankaj.bhagwanani@eds.com>
> To: <ccielab@groupstudy.com>
> Sent: Thursday, November 18, 2004 3:17 AM
> Subject: Physical/multipoing Serial OSPF authentication different password
s
> Md5
>
>
> > Hello
> >
> > I am trying to get md5 authentication working btw spokes with different
> > passwords , I can not get it working . Can anyone help, or can this not
be
> > done ?
> >
> > Configs are
> >
> > hub
> >
> > !
> > interface Serial0.2 multipoint
> > ip address 136.10.100.2 255.255.255.224
> > ip ospf authentication message-digest
> > ip ospf message-digest-key 5 md5 cisco1
> > ip ospf message-digest-key 6 md5 cisco2
> > !
> >
> > on one spoke
> >
> > !
> > interface Serial0
> > ip address 136.10.100.5 255.255.255.224
> > ip ospf authentication message-digest
> > ip ospf message-digest-key 5 md5 cisco1
> >
> > on the other spoke
> >
> > !
> > interface Serial1/0
> > ip address 136.10.100.6 255.255.255.224
> > ip ospf authentication message-digest
> > ip ospf message-digest-key 6 md5 cisco2
> >
> > Thanks
> > Pakaj
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:48 GMT-3