Re: OSPF Auth with Key Rollover on Hub & Spoke (non-broadcast

From: Bill Wagner (billccie2b@hotmail.com)
Date: Fri Jul 28 2006 - 10:53:13 ART


Yeah, I tried this, but after you type in the command, although it starts
to communicate with the hub router, it will not install the neighbor
statement in the running config. As a result, if you reload the routers, it
will stop working again.

  --------------------------------------------------------------------

  From: Jim <firstnamejim@gmail.com>
  Reply-To: Jim <firstnamejim@gmail.com>
  To: "Bill Wagner" <billccie2b@hotmail.com>, ccielab@groupstudy.com
  Subject: Re: OSPF Auth with Key Rollover on Hub & Spoke (non-broadcast
  Date: Thu, 27 Jul 2006 22:54:49 -0400

  Bill,

  If you add a line in the below, it will work reliably and right away:

  #R2
  router ospf 1
    neighbor 10.129.1.3

  R3 will not automatically use the old key, but if it receives a unicast
  hello with the older key ID, it will take the hint and start talking with
  R2 using old key 1. Just my experiment.

  HTH
  --Jim

> ---------------Configuration After Key Rollover + clear ip os process------------
>
> ---R3 Hub---
>
> interface Serial1/0.123 multipoint
> ip address 10.129.1.3 255.255.255.0
> ip ospf message-digest-key 1 md5 CISCO
> ip ospf message-digest-key 2 md5 CISCONEW
> frame-relay map ip 10.129.1.1 301 broadcast
> frame-relay map ip 10.129.1.2 302 broadcast
>
> ---R1 Spoke w new key---
>
> interface Serial0/0
> ip address 10.129.1.1 255.255.255.0
> encapsulation frame-relay
> ip ospf message-digest-key 1 md5 CISCO
> ip ospf message-digest-key 2 md5 CISCONEW
> ip ospf priority 0
> frame-relay map ip 10.129.1.2 103
> frame-relay map ip 10.129.1.3 103 broadcast
> no frame-relay inverse-arp
> end
>
> ---R2 Spoke with original key---
>
> interface Serial1/0
> ip address 10.129.1.2 255.255.255.0
> encapsulation frame-relay
> ip ospf message-digest-key 1 md5 CISCO
> ip ospf priority 0
> frame-relay map ip 10.129.1.1 203
> frame-relay map ip 10.129.1.3 203 broadcast
> no frame-relay inverse-arp
> end
>
> ----------Neighbor Output + debug-----------
>
> ---R3 Hub---
>
> Rack1R3#sho ip os nei
>
> Neighbor ID     Pri   State             Dead Time   Address       Interface
> 150.1.1.1         0   FULL/DROTHER      00:01:55    10.129.1.1    Serial1/0.123
> N/A               0   ATTEMPT/DROTHER   00:00:04    10.129.1.2    Serial1/0.123


This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:48 ART