OSPF authentication using rollover keys

From: Larry Chuon (lchuon@gmail.com)
Date: Fri May 26 2006 - 12:19:20 ART


Hi group,

I've three routers. Each is configured to do md5 authentication. I put in
key 1. Everything works fine. Then, I proceed to add a second key on R1
(hub) and R3.

R1:
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 ip ospf message-digest-key 2 md5 cisco2

R3:
ip ospf authentication message-digest
ip ospf message-digest-key 2 md5 cisco2

Now, only R1 and R3 form adjacency.

R2 displays an error message:

*May 26 15:21:29.575: OSPF: Send with youngest Key 1
!
Serial0/0/0 : Mismatch Authentication Key - No message digest key 2 on interface

It can't form adjacency with the hub.

Both R1 and R3 have the following info AFTER a reboot. I believe that all
three routers were working fine before the reboot.

sh ip os int s0/0/0 | in auth|key
  Message digest authentication enabled
    Youngest key id is 2

What is the proper way to do rollover?

TIA,
Larry
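
Added example, not part of the original post: a small Python audit that compares the `ip ospf message-digest-key` lines of each neighbor pair and lists key IDs present on one side only, or defined with different secrets. The R1 and R3 fragments are copied from the post; the R2 fragment (key 1 only) and the hub-and-spoke link list are assumptions based on the description. It reports key-set differences only and does not predict whether an adjacency forms.

```python
import re

# Matches the plaintext form used in the post: "ip ospf message-digest-key <id> md5 <secret>"
KEY_RE = re.compile(r"^\s*ip ospf message-digest-key (\d+) md5 (\S+)\s*$", re.M)

# R1 and R3 are taken from the post. R2 is constructed (assumed: key 1 only).
CONFIGS = {
    "R1": """ ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 ip ospf message-digest-key 2 md5 cisco2
""",
    "R2": """ ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
""",
    "R3": """ip ospf authentication message-digest
ip ospf message-digest-key 2 md5 cisco2
""",
}

# Assumed topology: R1 is the hub, R2 and R3 are spokes.
LINKS = [("R1", "R2"), ("R1", "R3")]


def parse_keys(config):
    """Return {key_id: secret} for every message-digest-key line."""
    return {int(kid): secret for kid, secret in KEY_RE.findall(config)}


def audit_link(a, b, configs=CONFIGS):
    """List key-ID and secret differences between two neighbors."""
    ka, kb = parse_keys(configs[a]), parse_keys(configs[b])
    findings = []
    for kid in sorted(ka.keys() - kb.keys()):
        findings.append(f"key {kid} on {a} but not on {b}")
    for kid in sorted(kb.keys() - ka.keys()):
        findings.append(f"key {kid} on {b} but not on {a}")
    for kid in sorted(ka.keys() & kb.keys()):
        if ka[kid] != kb[kid]:
            findings.append(f"key {kid} secret differs between {a} and {b}")
    return findings


def audit(links=LINKS, configs=CONFIGS):
    """Run audit_link over every link and key the results by 'A-B'."""
    return {f"{a}-{b}": audit_link(a, b, configs) for a, b in links}


if __name__ == "__main__":
    for link, findings in audit().items():
        print(link, findings or "key sets match")
```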
