Re: OSPF MD5 - Rollover

From: Sean C (Upp_and_Upp@hotmail.com)
Date: Thu Apr 28 2005 - 12:04:53 GMT-3

• Next message: Dennis J. Hartmann: "MQC based FRTS"
• Previous message: gladston@br.ibm.com: "Re: Monitoring Security"
• Maybe in reply to: gladston@br.ibm.com: "OSPF MD5 - Rollover"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Alsontra,

Thanks for taking the time in preparing the answer. Your configs are a
little different than the what we've seen explained before on the NBMA
links. You're placing neighbor statements on both R1 and R2. The NBMA
tests only placed a neighbor statement on 1 router, not both routers. What
happens if you only place a neighbor statement on the router with 1 key
(router 1 in this instance). Does the authentication still work even after
reboot?

Thanks, and again, appreciate your time on this,
Sean
> ----- Original Message -----
> From: "Alsontra Daniels" <alsontra@gmail.com>
> To: "'George Cassels (gcassels)'" <gcassels@cisco.com>; "'Sean C'"
> <Upp_and_Upp@hotmail.com>; <gladston@br.ibm.com>
> Cc: <ccielab@groupstudy.com>; "'Pearson John'" <jnhpearson@yahoo.co.jp>
> Sent: Wednesday, April 27, 2005 12:40 PM
> Subject: RE: OSPF MD5 - Rollover
>
>
>
> Using the following (partial configuration):
>
>
> R1
> interface FastEthernet1/0
> ip address 10.1.1.1 255.255.255.0
> ip ospf authentication message-digest
> ip ospf message-digest-key 2 md5 cisco2
> ip ospf network non-broadcast
> ip ospf hello-interval 2
> speed 100
> full-duplex
>
> R2
> interface FastEthernet1/0
> ip address 10.1.1.2 255.255.255.0
> ip ospf authentication message-digest
> ip ospf message-digest-key 1 md5 cisco
> ip ospf message-digest-key 2 md5 cisco2
> ip ospf network non-broadcast
> ip ospf hello-interval 2
> speed 100
> full-duplex
>
> And using the following permutations:
>
> 1. Nei statement on R1
> 2. Nei statement on R2
> 3. Swapping the router doing the actual rotation and rebooting between
> iterations.
>
> I cannot reproduce the problem using FE interfaces to simulate NBMA.
> After
> each reboot the router doing the Rollover reflects:
>
> Message digest authentication enabled
> Youngest key id is 2
> Rollover in progress, 1 neighbor(s) using the old key(s):
> key id 1
>
> Which reflects the expected results... Can someone else verify that this
> problem is only physical NBMA problem?
>
> Alsontra

• Next message: Dennis J. Hartmann: "MQC based FRTS"
• Previous message: gladston@br.ibm.com: "Re: Monitoring Security"
• Maybe in reply to: gladston@br.ibm.com: "OSPF MD5 - Rollover"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:55:10 GMT-3