From: juan_delgado (juan_delgado@etb.net.co)
Date: Sat May 27 2006 - 19:43:24 ART
Also,
After that I removed key 1 and put it again in the hub router, and I have the rollover status again and everything works well
R2#show ip ospf inter s0/1/0.246
Serial0/1/0.246 is up, line protocol is up
Internet Address 150.50.246.2/24, Area 246
Process ID 1, Router ID 2.2.2.2, Network Type NON_BROADCAST, Cost: 781
Transmit Delay is 1 sec, State DR, Priority 100
Designated Router (ID) 2.2.2.2, Interface address 150.50.246.2
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:08
Supports Link-local Signaling (LLS)
Index 2/8, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 4.4.4.4
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 1
Rollover in progress, 1 neighbor(s) using the old key(s):
key id 25
So, thinking about the real lab, it is not possible to leave just one key in the spoke that we want to change, in order to avoid problems after rebooting the routers.
Regards
Juan
-----Original Message-----
From: nobody@groupstudy.com on behalf of Scott Morris
Sent: Sat 27/05/2006 13:03
To: 'Larry Chuon'; 'Cisco certification'
CC:
Subject: RE: OSPF authentication using rollover keys
Do you have any neighbor using the other key??? If you do, then they'll
all show up:
Emanon-R1(config)#do sh ip o n
Neighbor ID     Pri   State           Dead Time   Address         Interface
15.15.15.15       0   FULL/DROTHER    00:01:48    172.17.150.3    Serial0/0.1
200.103.1.1       0   FULL/DROTHER    00:01:39    172.17.150.2    Serial0/0.1
172.17.155.5      0   FULL/  -        00:00:33    172.17.155.5    Serial0/1
Emanon-R1(config)#do sh ip o i s0/0.1
Serial0/0.1 is up, line protocol is up
Internet Address 172.17.150.1/24, Area 0
Process ID 1, Router ID 24.24.24.24, Network Type NON_BROADCAST, Cost: 64
Transmit Delay is 1 sec, State DR, Priority 128
Designated Router (ID) 24.24.24.24, Interface address 172.17.150.1
No backup designated router on this network
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
oob-resync timeout 120
Hello due in 00:00:16
Index 1/3, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 5, maximum is 6
Last flood scan time is 8 msec, maximum is 12 msec
Neighbor Count is 2, Adjacent neighbor count is 2
Adjacent with neighbor 15.15.15.15
Adjacent with neighbor 200.103.1.1
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 3
Rollover in progress, 1 neighbor(s) using the old key(s):
key id 1
key id 2
Emanon-R1(config)#do sh run int s0/0.1
Building configuration...
Current configuration : 505 bytes
!
interface Serial0/0.1 multipoint
ip address 172.17.150.1 255.255.255.0
ip router isis
ip pim sparse-dense-mode
service-policy input testing
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 IPExpert
ip ospf message-digest-key 2 md5 R2Key
ip ospf message-digest-key 3 md5 R3Key
ip ospf priority 128
isis priority 127
frame-relay class trfshape
frame-relay map ip 172.17.150.2 102 broadcast
frame-relay map ip 172.17.150.3 103 broadcast
no frame-relay inverse-arp
end
Emanon-R1(config)#
Note, my hub there actually has three keys configured on it. Although
according to the show ip ospf interface command, only two of them are used.
Because I have two peers using separate/different keys.
HTH,
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Larry Chuon
Sent: Friday, May 26, 2006 11:19 AM
To: Cisco certification
Subject: OSPF authentication using rollover keys
Hi group,
I've three routers. Each is configured to do md5 authentication. I put in
key 1. Everything works fine. Then, I proceed to add a second key on R1
(hub) and R3.
R1:
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
ip ospf message-digest-key 2 md5 cisco2
R3:
ip ospf authentication message-digest
ip ospf message-digest-key 2 md5 cisco2
Now, only R1 and R3 form adjacency.
R2 displays an error message:
*May 26 15:21:29.575: OSPF: Send with youngest Key 1 !
Serial0/0/0 : Mismatch Authentication Key - No message digest key 2 on interface
It can't form adjacency with the hub.
Both R1 and R3 have the following info AFTER a reboot. I believe that all
three routers were working fine before the reboot.
sh ip os int s0/0/0 | in auth|key
Message digest authentication enabled
Youngest key id is 2
What is the proper way to do rollover?
TIA,
Larry
_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
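Added example (not part of any message in this thread, and not Cisco code): a pre-reboot audit that reads the hub's "Youngest key id" and rollover list from `show ip ospf interface` output and flags spokes that do not yet carry the youngest key. The sample output, spoke names and key strings are constructed, and the "rollover-dependent" label assumes the behaviour the posters report, namely that such a spoke stays adjacent only while the hub is in rollover.

```python
import re

# Constructed sample: trimmed hub output, modelled on the output quoted in the thread.
HUB_SHOW = """\
Serial0/0.1 is up, line protocol is up
  Message digest authentication enabled
    Youngest key id is 3
    Rollover in progress, 1 neighbor(s) using the old key(s):
      key id 1
      key id 2
"""

# Constructed sample: interface config per spoke (hypothetical names and key strings).
SPOKE_CONFIGS = {
    "R2": "ip ospf authentication message-digest\n"
          "ip ospf message-digest-key 1 md5 EXAMPLE1\n",
    "R3": "ip ospf authentication message-digest\n"
          "ip ospf message-digest-key 3 md5 EXAMPLE3\n",
}

def parse_hub_state(show_output):
    """Return (youngest key id, sorted old key ids listed under rollover)."""
    m = re.search(r"Youngest key id is (\d+)", show_output)
    if m is None:
        raise ValueError("no 'Youngest key id' line: MD5 authentication not shown")
    parts = show_output.split("Rollover in progress", 1)
    old = []
    if len(parts) == 2:  # key ids are listed only while a rollover is running
        old = sorted(int(k) for k in
                     re.findall(r"^\s*key id (\d+)\s*$", parts[1], re.M))
    return int(m.group(1)), old

def configured_key_ids(config_text):
    """Key ids from 'ip ospf message-digest-key N md5 ...' lines."""
    return {int(k) for k in re.findall(
        r"^\s*ip ospf message-digest-key (\d+) md5 \S+", config_text, re.M)}

def audit(show_output, spoke_configs):
    """Classify each spoke against the hub's youngest and old keys."""
    youngest, old = parse_hub_state(show_output)
    report = {}
    for name, cfg in sorted(spoke_configs.items()):
        keys = configured_key_ids(cfg)
        if youngest in keys:
            report[name] = "ok"                  # has the hub's youngest key
        elif keys & set(old):
            report[name] = "rollover-dependent"  # works only via an old key
        else:
            report[name] = "no-shared-key"       # nothing in common with the hub
    return youngest, old, report

if __name__ == "__main__":
    print(audit(HUB_SHOW, SPOKE_CONFIGS))
```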
This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:22 ART