RE: OSPF

From: Scott Morris (swm@emanon.com)
Date: Tue Jul 04 2006 - 11:38:56 ART


If you search the archives, I think you'll find some good posts about OSPF
and multiple keys. It seems to me that we had some configs fly by fairly
recently too!

HTH,

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Sami
Sent: Tuesday, July 04, 2006 6:41 AM
To: Leon van Dongen
Cc: ccielab@groupstudy.com
Subject: Re: OSPF

What do I have to do to make R3 send the same packets with two keys?

On 7/4/06, Leon van Dongen <l.dongen1@chello.nl> wrote:
>
> The hub router is sending its youngest key, being key 2, while the
> spoke router R1 sends its youngest key, being key 1.
>
> Usage Guidelines
> Usually, one key per interface is used to generate authentication
> information when sending packets and to authenticate incoming packets.
> The same key identifier on the neighbor router must have the same key
> value.
>
> [...]
>
> The system assumes its neighbors do not have the new key yet, so it
> begins a rollover process. It sends multiple copies of the same
> packet, each authenticated by different keys. In this example, the
> system sends out two copies of the same packet, the first one
> authenticated by key 100 and the second one authenticated by key 101.
>
>
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hirp_r/rte_osph.htm#wp1091704
>
> You can try to add key 2 to R1, to create a rollover situation.
>
> --Leon
>
> PS I believe I saw a post recently that was answered by Scott Morris
> which had a proper solution. However I do not have access to my
> mailbox at the moment and searching GroupStudy with Google seems to be a
> waste of time.
> >
> > From: Sami <sy1977@gmail.com>
> > Date: 2006/07/04 Tue PM 12:02:13 MEST
> > To: ccielab <ccielab@groupstudy.com>
> > Subject: OSPF
> >
> > Group,
> >
> > The task says to use a different key for the spokes. R3 is the hub and
> > has two OSPF keys, key 1 for R3 and key 2 for R5. R5 is OK but the R1
> > adjacency is not coming up.
> >
> > *Jul 4 09:59:23.411: OSPF: Send with youngest Key 1
> > R1#
> > R1#
> > *Jul 4 09:59:37.395: OSPF: Rcv pkt from 190.1.135.3, Serial0/0/0 : Mismatch Authentication Key - No message digest key 2 on interface
> >
> > Hub
> >
> > R3
> > router ospf 1
> >  router-id 150.1.3.3
> >  log-adjacency-changes
> >  area 135 authentication message-digest
> >  network 190.1.34.3 0.0.0.0 area 34
> >  network 190.1.135.3 0.0.0.0 area 135
> >  neighbor 190.1.135.5
> >  neighbor 190.1.135.1
> > interface Serial0/0/0
> >  ip address 190.1.135.3 255.255.255.0
> >  encapsulation frame-relay
> >  ip ospf authentication message-digest
> >  ip ospf message-digest-key 1 md5 CISCO13
> >  ip ospf message-digest-key 2 md5 CISCO35
> >
> > Spokes
> > R1
> >
> > interface Serial0/0/0
> >  ip address 190.1.135.1 255.255.255.0
> >  encapsulation frame-relay
> >  ip ospf authentication message-digest
> >  ip ospf message-digest-key 1 md5 CISCO13
> >  ip ospf network point-to-multipoint non-broadcast
> > R5
> >
> > interface Serial0/0/0
> >  ip address 190.1.135.5 255.255.255.0
> >  encapsulation frame-relay
> >  ip ospf authentication message-digest
> >  ip ospf message-digest-key 2 md5 CISCO35
> >  ip ospf network point-to-multipoint non-broadcast
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
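
An added example, not part of the original thread and not Cisco's implementation: a simplified Python model of the RFC 2328 Appendix D MD5 check, using the key IDs and secrets from the quoted configs, showing why R1 rejects a packet carrying key ID 2 and why one copy per key (the rollover described in the quoted guideline) is accepted by both spokes. Function names, sequence numbers and the empty Hello body are assumptions; sequence-number checks and the conditions under which IOS enters rollover are not modelled.

```python
import hashlib
import hmac
import struct

# Key chains taken from the configs quoted in the thread (key ID -> secret).
R3_KEYS = {1: "CISCO13", 2: "CISCO35"}   # hub
R1_KEYS = {1: "CISCO13"}                 # spoke
R5_KEYS = {2: "CISCO35"}                 # spoke

def pad_key(secret):
    """RFC 2328 D.4.3: the secret is zero-padded to 16 bytes."""
    return secret.encode().ljust(16, b"\x00")[:16]

def build_packet(router_id, key_id, secret, seq, body=b""):
    """Minimal OSPFv2 Hello header with AuType 2 plus the trailing MD5 digest."""
    rid = bytes(int(octet) for octet in router_id.split("."))
    area = struct.pack("!I", 135)
    length = 24 + len(body)              # the digest is not counted in the length field
    header = struct.pack("!BBH4s4sHH", 2, 1, length, rid, area, 0, 2)
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = header + auth + body
    return packet + hashlib.md5(packet + pad_key(secret)).digest()

def verify_packet(raw, keychain):
    """Receiver: look up the key ID carried in the header, then compare digests."""
    key_id, auth_len = raw[18], raw[19]
    packet, digest = raw[:-auth_len], raw[-auth_len:]
    if key_id not in keychain:
        return f"No message digest key {key_id} on interface"
    expected = hashlib.md5(packet + pad_key(keychain[key_id])).digest()
    return "ok" if hmac.compare_digest(expected, digest) else "digest mismatch"

def rollover_copies(router_id, keychain, seq):
    """Rollover as the quoted guideline describes it: one copy per configured key."""
    return [build_packet(router_id, kid, secret, seq)
            for kid, secret in sorted(keychain.items())]

def accepts_any(copies, keychain):
    """True if at least one copy authenticates against the receiver's keys."""
    return any(verify_packet(copy, keychain) == "ok" for copy in copies)

if __name__ == "__main__":
    youngest_only = build_packet("150.1.3.3", 2, R3_KEYS[2], seq=1)
    print("R1:", verify_packet(youngest_only, R1_KEYS))
    print("R5:", verify_packet(youngest_only, R5_KEYS))
    copies = rollover_copies("150.1.3.3", R3_KEYS, seq=2)
    print("R1 accepts a rollover copy:", accepts_any(copies, R1_KEYS))
```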



This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:46 ART