From: Scott Morris (swm@emanon.com)
Date: Sat May 27 2006 - 15:03:10 ART
Do you have any neighbor using the other key??? If you do, then they'll
all show up:
Emanon-R1(config)#do sh ip o n
Neighbor ID     Pri   State           Dead Time   Address         Interface
15.15.15.15       0   FULL/DROTHER    00:01:48    172.17.150.3    Serial0/0.1
200.103.1.1       0   FULL/DROTHER    00:01:39    172.17.150.2    Serial0/0.1
172.17.155.5      0   FULL/  -        00:00:33    172.17.155.5    Serial0/1
Emanon-R1(config)#do sh ip o i s0/0.1
Serial0/0.1 is up, line protocol is up
Internet Address 172.17.150.1/24, Area 0
Process ID 1, Router ID 24.24.24.24, Network Type NON_BROADCAST, Cost: 64
Transmit Delay is 1 sec, State DR, Priority 128
Designated Router (ID) 24.24.24.24, Interface address 172.17.150.1
No backup designated router on this network
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
oob-resync timeout 120
Hello due in 00:00:16
Index 1/3, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 5, maximum is 6
Last flood scan time is 8 msec, maximum is 12 msec
Neighbor Count is 2, Adjacent neighbor count is 2
Adjacent with neighbor 15.15.15.15
Adjacent with neighbor 200.103.1.1
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 3
Rollover in progress, 1 neighbor(s) using the old key(s):
key id 1
key id 2
Emanon-R1(config)#do sh run int s0/0.1
Building configuration...
Current configuration : 505 bytes
!
interface Serial0/0.1 multipoint
ip address 172.17.150.1 255.255.255.0
ip router isis
ip pim sparse-dense-mode
service-policy input testing
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 IPExpert
ip ospf message-digest-key 2 md5 R2Key
ip ospf message-digest-key 3 md5 R3Key
ip ospf priority 128
isis priority 127
frame-relay class trfshape
frame-relay map ip 172.17.150.2 102 broadcast
frame-relay map ip 172.17.150.3 103 broadcast
no frame-relay inverse-arp
end
Emanon-R1(config)#
Note, my hub there actually has three keys configured on it, although
according to the show ip ospf interface command, only two of them are used,
because I have two peers using separate/different keys.
HTH,
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Larry Chuon
Sent: Friday, May 26, 2006 11:19 AM
To: Cisco certification
Subject: OSPF authentication using rollover keys
Hi group,
I've three routers. Each is configured to do md5 authentication. I put in
key 1. Everything works fine. Then, I proceed to add a second key on R1
(hub) and R3.
R1:
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
ip ospf message-digest-key 2 md5 cisco2
R3:
ip ospf authentication message-digest
ip ospf message-digest-key 2 md5 cisco2
Now, only R1 and R3 form adjacency.
R2 displays an error message:
*May 26 15:21:29.575: OSPF: Send with youngest Key 1 !
Serial0/0/0 : Mismatch Authentication Key - No message digest key 2 on
interface
It can't form adjacency with the hub.
Both R1 and R3 have the following info AFTER a reboot. I believe that all
three routers were working fine before the reboot.
sh ip os int s0/0/0 | in auth|key
Message digest authentication enabled
Youngest key id is 2
What is the proper way to do rollover?
TIA,
Larry
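Added example, not part of the original posts: a Python sketch that reads "show ip ospf interface" output like the one in the reply above and flags interfaces where an MD5 key rollover has not finished, or where no message-digest authentication is reported. The function names and the Serial0/1 block in the sample are constructed for illustration.

```python
import re

# Sample input: the Serial0/0.1 lines are abridged from the output in the thread;
# the Serial0/1 block (an interface with no authentication lines) is constructed.
SAMPLE = """\
Serial0/0.1 is up, line protocol is up
  Internet Address 172.17.150.1/24, Area 0
  Neighbor Count is 2, Adjacent neighbor count is 2
  Message digest authentication enabled
    Youngest key id is 3
    Rollover in progress, 1 neighbor(s) using the old key(s):
      key id 1
      key id 2
Serial0/1 is up, line protocol is up
  Internet Address 172.17.155.1/24, Area 0
  Neighbor Count is 1, Adjacent neighbor count is 1
"""

IFACE = re.compile(r"^(\S+) is .*line protocol is ", re.M)

def parse_ospf_interfaces(text):
    """Split the output per interface and extract the authentication state."""
    out = {}
    heads = list(IFACE.finditer(text))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        block = text[m.start():end]
        youngest = re.search(r"Youngest key id is (\d+)", block)
        roll = re.search(r"Rollover in progress, (\d+) neighbor", block)
        old = re.findall(r"^\s*key id (\d+)\s*$", block, re.M)
        out[m.group(1)] = {
            "md5": "Message digest authentication enabled" in block,
            "youngest": int(youngest.group(1)) if youngest else None,
            "lagging_neighbors": int(roll.group(1)) if roll else 0,
            "old_keys": [int(k) for k in old],
        }
    return out

def findings(state):
    """Return (interface, message) pairs that need an operator's attention."""
    notes = []
    for name, s in state.items():
        if not s["md5"]:
            notes.append((name, "no message-digest authentication reported"))
        elif s["lagging_neighbors"]:
            notes.append((name, "rollover incomplete: %d neighbor(s) not on key %d, "
                          "old key ids listed: %s"
                          % (s["lagging_neighbors"], s["youngest"], s["old_keys"])))
    return notes
```

Old key ids should only be removed from an interface once it no longer reports a rollover in progress.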