RE: OSPF Auth with Key Rollover on Hub & Spoke (non-broadcast)

From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Wed Jul 26 2006 - 22:02:31 ART


Hi Bill, comments in line

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On behalf of Bill Wagner
Sent: Wednesday, July 26, 2006 06:49 p.m.
To: ccielab@groupstudy.com
Subject: OSPF Auth with Key Rollover on Hub & Spoke (non-broadcast)

>Can anyone please help me solve this problem regarding OSPF authentication?

Sure,

>The topology is a hub and spoke frame-relay network where the spokes can
>talk to each other through the hub. OSPF is running in a non-broadcast
>mode.
>Due to the topology I set the spokes to have an OSPF priority of 0 and
>create neighbor statements on the hub.

Do you see the neighbors in show ip ospf neigh?
Can you send us the show ip ospf neigh, before and after configuring the ip
ospf authentication md5?

>I build key 1 for all three devices.

Are you using area X authentication mess, or at the interface level are you
using ip ospf authen me? Can you send us the show ip ospf output?

>From there I create a new key for the rollover on the hub and only one
>spoke as per the requirements.

Where is this requirement written? I mean, what WB are you using?

In the hub, are you using the same key number and same MD5 password as the
spokes? Can you send us the show run int sX/X and show ip ospf inter?

>If I reset the peers the spoke with the old key will not come back online.

Mmm, strange. I have to see some outputs.

>Debug shows that only the new key is being sent to the spoke which it does
>not accept because it does not know about it.

Same key used in H&Spokes?
 
>Since the spokes have a priority of 0 I am unable to install a neighbor
>statement in the ospf routing process on the spoke using the old key.

R4(config-router)#neigh 131.120.11.1 ?
  cost             OSPF cost for point-to-multipoint neighbor
  database-filter  Filter OSPF LSA during synchronization and flooding for
                   point-to-multipoint neighbor
  poll-interval    OSPF dead-router polling interval
  priority         OSPF priority of non-broadcast neighbor
  <cr>

I do not see any option for the use of a key here; also, you can use the
neigh command at the spoke, with or without the OSPF MD5 authentication
configured.

>The only solution I could find was to bump the priority up on the spoke
>with the old key, but this presents a problem if the spoke router boots
>before the hub since OSPF does not support preemption.

?? If you configured the spokes to be DROTHERs, why are you worried about
preemption?

Would you mind sending us the show run | b router ospf of the routers in
question, and also the show frame-relay map of every router?

>Can anyone tell me what I am missing or if this is not possible?

Everything is possible.

>Oh one more thing is that I cannot change the OSPF network type or the
>frame relay topology.

Ok.

>Thanks in advance,

>Bill

Regards
Victor.-


