OSPF With Multiple Keys

From: Lee Carter (l2carter@yahoo.com)
Date: Mon Jun 27 2005 - 12:55:44 GMT-3


All,

I am trying to configure OSPF in a F/R Hub/Spoke
relationship using different keys for both spokes.

Here are my configs:

R2 = HUB
interface Serial0/0.100 multipoint
 ip address 136.10.100.2 255.255.255.224
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 md5_R5
 ip ospf message-digest-key 2 md5 md5_R6
 ip ospf network point-to-multipoint non-broadcast
 frame-relay de-group 1 501
 frame-relay de-group 1 601
 frame-relay map ip 136.10.100.2 105
 frame-relay map ip 136.10.100.5 105 broadcast
 frame-relay map ip 136.10.100.6 106 broadcast
!

R5 = Spoke 1
interface Serial0/0
 ip address 136.10.100.5 255.255.255.224
 encapsulation frame-relay
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 md5_R5
 ip ospf network point-to-multipoint non-broadcast
 frame-relay map ip 136.10.100.2 501 broadcast
 frame-relay map ip 136.10.100.5 501
 frame-relay map ip 136.10.100.6 501 broadcast
 no frame-relay inverse-arp
 frame-relay lmi-type cisco
end

R6 = Spoke 2
interface Serial0/0
 ip address 136.10.100.6 255.255.255.224
 encapsulation frame-relay
 ip ospf authentication message-digest
 ip ospf message-digest-key 2 md5 md5_R6
 ip ospf network point-to-multipoint non-broadcast
 frame-relay map ip 136.10.100.2 601 broadcast
 frame-relay map ip 136.10.100.5 601 broadcast
 frame-relay map ip 136.10.100.6 601
 no frame-relay inverse-arp
 frame-relay lmi-type cisco
end

As you can see I am using link authentication and I do
have neighbor statements under my router ospf process
for unicast based updates.

What I am seeing is: On R2 the HUB I periodically seem
to lose neighbor relationships with one of the
spokes. I log in to R2, remove the respective key, then
simply re-add the key so that my interface on R2
shows:

Serial0/0.100 is up, line protocol is up
  Internet Address 136.10.100.2/27, Area 0
  Process ID 1, Router ID 136.10.2.2, Network Type POINT_TO_MULTIPOINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT,
  Timer intervals configured, Hello 30, Dead 120, Wait

  Message digest authentication enabled
    Youngest key id is 1
    Rollover in progress, 2 neighbor(s) using the old key(s):
      key id 2
!
At this point my second spoke will come online for a
bit, then it seems that another spoke will die off. If
I re-issue the show ip ospf interface on serial
0/0.100 again I don't see the "rollover in progress"
and only see the "Youngest key id is 1" ->> which is
obviously the only spoke working at the time.

Should this be the normal behavior?

When using multiple keys is there an order of
operations that needs to be in place for it to work
correctly or am I simply missing something?

Thanks,

Lee

                
__________________________________
Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html



This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:44 GMT-3
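
Added example, not part of the original post: a small Python model of the RFC 2328 Appendix D message-digest check that each receiver applies, using the key IDs and key strings from the three configs above. The Hello options and priority, the sequence numbers and the zero-padding of short secrets are assumptions; it models only signing and verification of one packet, not the IOS key-rollover logic.

```python
import hashlib
import hmac
import struct

def pad_key(secret):
    # The appended MD5 key is 16 bytes; zero-padding shorter secrets is assumed here
    return secret.encode().ljust(16, b"\0")[:16]

def sign(body, router_id, key_id, secret, seq):
    """Build an OSPFv2 Hello with AuType 2 and append its MD5 digest."""
    rid = bytes(int(o) for o in router_id.split("."))
    # version 2, type 1 (Hello), length excludes the digest, area 0, checksum 0, AuType 2
    header = struct.pack("!BBH4s4sHH", 2, 1, 24 + len(body), rid, bytes(4), 0, 2)
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)  # Key ID, digest length, crypto seq
    pkt = header + auth + body
    return pkt + hashlib.md5(pkt + pad_key(secret)).digest()

def verify(wire, keys, last_seq=0):
    """Receiver side: look up the secret by the packet's Key ID, then compare digests."""
    (length,) = struct.unpack("!H", wire[2:4])
    pkt, digest = wire[:length], wire[length:length + 16]
    (autype,) = struct.unpack("!H", pkt[14:16])
    _, key_id, auth_len, seq = struct.unpack("!HBBI", pkt[16:24])
    if autype != 2 or auth_len != 16:
        return "drop: not message-digest authentication"
    if key_id not in keys:
        return "drop: key id %d not configured" % key_id
    if seq < last_seq:
        return "drop: stale sequence number"
    expected = hashlib.md5(pkt + pad_key(keys[key_id])).digest()
    return "accept" if hmac.compare_digest(digest, expected) else "drop: digest mismatch"

# Key tables copied from the three configs in the post
HUB_KEYS = {1: "md5_R5", 2: "md5_R6"}
R5_KEYS = {1: "md5_R5"}
R6_KEYS = {2: "md5_R6"}

# Constructed Hello body: mask /27, Hello 30, options 0x02, priority 1, Dead 120, no DR/BDR
HELLO = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 224]), 30, 0x02, 1, 120,
                    bytes(4), bytes(4))

if __name__ == "__main__":
    for key_id, secret in HUB_KEYS.items():
        wire = sign(HELLO, "136.10.2.2", key_id, secret, seq=1000)  # seq is constructed
        for name, table in (("R5", R5_KEYS), ("R6", R6_KEYS)):
            print("hub key %d -> %s: %s" % (key_id, name, verify(wire, table)))
```

A packet signed with one key ID is accepted only by the spoke that has that ID and secret configured; the other spoke drops it before any adjacency processing.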