From: Sidalo (sidalo@gmail.com)
Date: Sat Sep 16 2006 - 22:06:11 ART
From archive post of Scott's:
"OSPF will allow for multiple simultaneous keys on the same interface (so
different peers can have different ones).
RIP and EIGRP only allow one active key per interface. So I think that
leads you to the answer of your question."
If you search you can find that the reboot scenario was also tested and both
peers came back up but one of them took some time. Roughly 10 minutes or so
if I remember correctly.
Reboot and debug and give it a good amount of time.
For the other routing protocols a PPPoFR solution would be appropriate in
this scenario.
On 9/16/06, Heiko Liedtke <heiko.liedtke@gmx.net> wrote:
>
> Dear CCIEin2006,
>
> I had this solution working for a configuration with 3 routers connecting
> eachother via ethernet. The debug ip ospf adj showed, that both
> keys are sent out.
> But I have no idea how to achieve a reload stable configuration of this
> using
> frame relay links.
>
> Heiko
>
>
>
>
>
> CCIEin2006 schrieb:
>
> >Hello Sabrina,
> >
> >Did reloading work?
> >
> >AFAIK rollover is just a temporary solution for migrating from one key to
> >another. I think the intent of its design was not to have multiple keys
> >operating simultenously but I could be wrong.
> >
> >Anyone else have luck with this scenario and did it survive a reload?
> >
> >
> >On 9/15/06, sabrina pittarel <sabri_esame@yahoo.com> wrote:
> >
> >
> >>My configuration at the end is no different of what you get when you
> >>configure one router at the time, it is just the order of operations
> that
> >>makes it working right away.
> >>It has been a while, but I think I did reload my routers and the
> neighbor
> >>relationship came up again after a while...
> >>But let me try again later, I'll let you know for sure
> >>
> >>Sabrina
> >>
> >>
> >>----- Original Message ----
> >>From: Heiko Liedtke <heiko.liedtke@gmx.net>
> >>To: sabrina pittarel <sabri_esame@yahoo.com>
> >>Cc: CCIEin2006 <ciscocciein2006@gmail.com>; Cisco certification <
> >>ccielab@groupstudy.com>
> >>Sent: Friday, September 15, 2006 4:11:31 AM
> >>Subject: Re: Multiple OSPF keys on Hub and Spoke Frame Relay
> >>
> >>I had a similar problem..
> >>
> >>When I did a debug ip ospf adj i saw that the router only sends out the
> >>latest key id. (e.g. sends out
> >>key 2 and not key 1)
> >>When I tried do configure the same stuff over an ethernet link, the
> >>router sends out both keys.
> >>(key 1 and key 2) Maybe there is a dependency of the ospf network type.
> >>Can you try to configure an ospf broadcast network type over your frame
> >>relay cloud?
> >>Sabrina, what is with your configuration after a reload of the routers??
> >>I guess this can
> >>cause problems...
> >>
> >>Heiko
> >>
> >>I
> >>
> >>
> >>
> >>sabrina pittarel schrieb:
> >>
> >>
> >>
> >>>This configuration always generates problems (many thread on this in
> the
> >>>
> >>>
> >>past), but it works. Please looks archives.
> >>
> >>
> >>>Try to configure it in this way:
> >>>
> >>>* Configure MD5 auth between Hub and Spoke 1 first (no MD5 auth on the
> >>>
> >>>
> >>Hub for Spoke2 yet)
> >>
> >>
> >>>* Make sure the neighbor relation ship between Hub and Spoke 1 is fine
> >>>* Configure MD5 auth between Hub and Spoke 2.
> >>>* Check the hub is in rollover for the first key you configured
> >>>
> >>>Rack1R5#sh ip ospf int s1/0 | b Roll
> >>> Rollover in progress, 1 neighbor(s) using the old key(s):
> >>> key id 35
> >>>Rack1R5#
> >>>
> >>>
> >>>Sabrina
> >>>
> >>>----- Original Message ----
> >>>From: CCIEin2006 <ciscocciein2006@gmail.com>
> >>>To: Cisco certification <ccielab@groupstudy.com>
> >>>Sent: Wednesday, September 13, 2006 6:00:59 PM
> >>>Subject: Multiple OSPF keys on Hub and Spoke Frame Relay
> >>>
> >>>This is from IE Vol2 lab 3 task 4.6
> >>>
> >>>You have a hub and spoke frame relay using physical interfaces.
> >>>The task states to use a different OSPF key for each spoke.
> >>>
> >>>The solution guide states to configure both keys on the hub with
> >>>
> >>>
> >>different
> >>
> >>
> >>>key numbers however when I configure this only one spoke is able to
> >>>authenticate and the other spoke does not establish adjacency.
> >>>
> >>>Here is the setup and solution:
> >>>
> >>> R1
> >>> /
> >>>R3
> >>> \
> >>> R5
> >>>
> >>>
> >>>R1:
> >>>ip ospf message-digest-key 13 md5 CISCO13
> >>>R5:
> >>>ip ospf message-digest-key 35 md5 CISCO35
> >>>R3: ip ospf message-digest-key 13 md5 CISCO13
> >>>ip ospf message-digest-key 35 md5 CISCO35
> >>>
> >>>As I said only one spoke comes up (I can't remember which and my rack
> >>>
> >>>
> >>time
> >>
> >>
> >>>is up).
> >>>
> >>>Any ideas are appreciated.
> >>>
> >>>_______________________________________________________________________
> >>>Subscription information may be found at:
> >>>http://www.groupstudy.com/list/CCIELab.html
> >>>
> >>>_______________________________________________________________________
> >>>Subscription information may be found at:
> >>>http://www.groupstudy.com/list/CCIELab.html
> >>>
> >>>
> >>_______________________________________________________________________
> >>Subscription information may be found at:
> >>http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >
> >_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:40 ART