From: Jim (firstnamejim@gmail.com)
Date: Fri Jul 28 2006 - 14:18:59 ART
Bill
You are right. I used your config this time, and for interface
non-broadcast, if the ospf priority is 0, it doesn't save the unicast
neighbor in the config.
If I change interface type to point-to-multipoint non-broadcast, then
everything is happy. (the neighbor statement stays in the ospf
configuration.)
Please correct me if I am wrong,
I think the root of the issue is: the hub needs to receive a hello with the
old key to start using the old key. That starts the roll-over feature. Since
on R2 it was non-broadcast, and it is priority 0, with no neighbor, it
just sits waiting and doesn't send any hello out. Since R2 doesn't know
where the neighbor is, it never sends anything out, so R3 won't know about
R2's old key. So there has to be something to make R2 send a hello to R3:
- in NBMA, need to config neighbor on the fly, but it doesn't save;
- in point-multipoint, config the neighbor, it will save in the config;
On 7/28/06, Bill Wagner <billccie2b@hotmail.com> wrote:
>
> Yeah I tried this, but after you type in the command although it starts to
> communicate with the hub router it will not install the neighbor statement
> in the running config. As a result if you reload the routers it will stop
> working again.
>
> ------------------------------
> From: *Jim <firstnamejim@gmail.com>*
> Reply-To: *Jim <firstnamejim@gmail.com>*
> To: *"Bill Wagner" <billccie2b@hotmail.com>, ccielab@groupstudy.com*
> Subject: *Re: OSPF Auth with Key Rollover on Hub & Spoke (non-broadcast*
> Date: *Thu, 27 Jul 2006 22:54:49 -0400*
> Bill,
>
> If you add a line in the below, it will work reliably and right away:
>
> #R2
> router ospf 1
> neighbor 10.129.1.3
>
> R3 will not automatically use the old key, but if it receives a unicast hello
> with the older key id, it will take the hint and start talking with R2 in old
> key 1. Just my experiment.
>
> HTH
> --Jim
>
>
>
> > ---------------Configuration After Key Rollover + clear ip os process------------
> >
> > ---R3 Hub---
> >
> > interface Serial1/0.123 multipoint
> > ip address 10.129.1.3 255.255.255.0
> > ip ospf message-digest-key 1 md5 CISCO
> > ip ospf message-digest-key 2 md5 CISCONEW
> > frame-relay map ip 10.129.1.1 301 broadcast
> > frame-relay map ip 10.129.1.2 302 broadcast
> >
> > ---R1 Spoke w new key---
> >
> > interface Serial0/0
> > ip address 10.129.1.1 255.255.255.0
> > encapsulation frame-relay
> > ip ospf message-digest-key 1 md5 CISCO
> > ip ospf message-digest-key 2 md5 CISCONEW
> > ip ospf priority 0
> > frame-relay map ip 10.129.1.2 103
> > frame-relay map ip 10.129.1.3 103 broadcast
> > no frame-relay inverse-arp
> > end
> >
> > ---R2 Spoke with original key---
> >
> > interface Serial1/0
> > ip address 10.129.1.2 255.255.255.0
> > encapsulation frame-relay
> > ip ospf message-digest-key 1 md5 CISCO
> > ip ospf priority 0
> > frame-relay map ip 10.129.1.1 203
> > frame-relay map ip 10.129.1.3 203 broadcast
> > no frame-relay inverse-arp
> > end
> >
> > ----------Neighbor Output + debug-----------
> >
> > ---R3 Hub---
> >
> > Rack1R3#sho ip os nei
> >
> > Neighbor ID     Pri   State             Dead Time   Address         Interface
> > 150.1.1.1         0   FULL/DROTHER      00:01:55    10.129.1.1      Serial1/0.123
> > N/A               0   ATTEMPT/DROTHER   00:00:04    10.129.1.2      Serial1/0.123
>
-- Jim Li 614-376-2865
This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:48 ART