About OSPF area authentication (IELAB Vol. 2 Lab 3)

From: Ricky MK Au (aurmk@hk1.ibm.com)
Date: Sun Nov 19 2006 - 13:48:35 ART

• Next message: Alexey Tolstenok: "bpdufilter logic"
• Previous message: Michiya Nakaie: "SVI on PVLAN"
• Next in thread: Nick Griffin: "Re: About OSPF area authentication (IELAB Vol. 2 Lab 3)"
• Maybe reply: Nick Griffin: "Re: About OSPF area authentication (IELAB Vol. 2 Lab 3)"
• Maybe reply: Michael Zuo: "RE: About OSPF area authentication (IELAB Vol. 2 Lab 3)"
• Maybe reply: Ming Ki Au: "Re: About OSPF area authentication (IELAB Vol. 2 Lab 3)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Dear all,

I found some interesting things that I would like to see anybody can help
me to understand. I have two questions when I do the IELAB Vol.2 Lab 3
section 4.6. In it, it ask to configure OSPF authentication across the
Frame Relay cloud between R1, R3, and R5.
b" Use the password of CISCO13 for the OSPF neighbor relationship between R1
and R3.
b" Use the password of CISCO35 for the OSPF neighbor relationship between R3
and R5.

where R3 is the Hub and area 135 is the OSPF area between the frame-relay
cloud of R1,R3 and R5. I extract the OSPF configuration of R1, R3 and R5 as
below.
============================================================================================
R1:
interface Serial0/0
ip address 190.1.135.1 255.255.255.0
ip pim sparse-dense-mode
encapsulation frame-relay
ip ospf message-digest-key 13 md5 CISCO13
ip ospf network point-to-multipoint non-broadcast
no frame-relay inverse-arp IP 102
no frame-relay inverse-arp IP 104
no frame-relay inverse-arp IP 105
no frame-relay inverse-arp IP 113

router ospf 1
router-id 150.1.1.1
log-adjacency-changes
area 0 authentication message-digest
area 135 authentication message-digest
area 17 virtual-link 150.1.7.7 message-digest-key 1 md5 CISCO
area 135 virtual-link 150.1.3.3 message-digest-key 1 md5 CISCO
network 150.1.1.1 0.0.0.0 area 0
network 190.1.17.1 0.0.0.0 area 17
network 190.1.135.1 0.0.0.0 area 135
network 0.0.0.0 255.255.255.255 area 135

R3: (Hub)
interface Serial1/0
ip address 190.1.135.3 255.255.255.0
ip pim nbma-mode
ip pim sparse-dense-mode
encapsulation frame-relay
ip ospf message-digest-key 13 md5 CISCO13
ip ospf message-digest-key 35 md5 CISCO35
ip ospf network point-to-multipoint non-broadcast
no frame-relay inverse-arp IP 301
no frame-relay inverse-arp IP 302
no frame-relay inverse-arp IP 304
no frame-relay inverse-arp IP 311
no frame-relay inverse-arp IP 312
no frame-relay inverse-arp IP 314
no frame-relay inverse-arp IP 315

router ospf 1
router-id 150.1.3.3
ispf
log-adjacency-changes
area 0 authentication message-digest
area 135 authentication message-digest
area 34 stub no-summary
area 135 virtual-link 150.1.5.5 message-digest-key 1 md5 CISCO
area 135 virtual-link 150.1.1.1 message-digest-key 1 md5 CISCO
redistribute rip subnets
network 150.1.3.3 0.0.0.0 area 0
network 190.1.34.3 0.0.0.0 area 34
network 190.1.135.3 0.0.0.0 area 135
neighbor 190.1.135.5
neighbor 190.1.135.1
!

R5:
interface Serial0/0
ip address 190.1.135.5 255.255.255.0
ip pim sparse-dense-mode
encapsulation frame-relay
ip ospf message-digest-key 35 md5 CISCO35
ip ospf network point-to-multipoint non-broadcast
no frame-relay inverse-arp IP 501
no frame-relay inverse-arp IP 502
no frame-relay inverse-arp IP 504
no frame-relay inverse-arp IP 513
!

router ospf 1
router-id 150.1.5.5
log-adjacency-changes
area 0 authentication message-digest
area 135 authentication message-digest
area 135 virtual-link 150.1.3.3 message-digest-key 1 md5 CISCO
redistribute static subnets
redistribute eigrp 10 subnets
network 150.1.5.5 0.0.0.0 area 0
network 190.1.135.5 0.0.0.0 area 135
!
====================================================================================================================================
With the configuration as above I encountered the following 2 problems

1. Only key 35 is being sent and therefore only R3 and R5 form an OSPF
neighbor while R3 and R1 cannot form an OSPF neighbor. What is the problem?

2. When I reboot R3 with the above configuration, it shows "neighbor
command is allowed only on NBMA and point-to-multipoint networks" and the
two neighbor commands below under the router ospf configuration disappear.

neighbor 190.1.135.5 ===> disappear
neighbor 190.1.135.1 ===> disappear

when I tried to add the above two commands back to R3, it does not allow me
to do so and display again
"ospf: Neigbor command is allowed only on NBMA and point-to-multipoint
networks" but when I remove the following two sentences under the router
ospf before I add back the two neighbor commands it allow me to do so.
After than, I add back the area 0 commands and all the configurations work
fine.

area 0 authentication message-digest
network 150.1.3.3 0.0.0.0 area 0

Can anyone tell me why there is such a strange phenomenon????

• Next message: Alexey Tolstenok: "bpdufilter logic"
• Previous message: Michiya Nakaie: "SVI on PVLAN"
• Next in thread: Nick Griffin: "Re: About OSPF area authentication (IELAB Vol. 2 Lab 3)"
• Maybe reply: Nick Griffin: "Re: About OSPF area authentication (IELAB Vol. 2 Lab 3)"
• Maybe reply: Michael Zuo: "RE: About OSPF area authentication (IELAB Vol. 2 Lab 3)"
• Maybe reply: Ming Ki Au: "Re: About OSPF area authentication (IELAB Vol. 2 Lab 3)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:47 ART