From: Michael Zuo (mzuo@ixiacom.com)
Date: Tue Nov 21 2006 - 18:46:28 ART
Check your virtual link configuration. That should fix the problem...
yes, there are recent threads re: this
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Nick Griffin
Sent: Tuesday, November 21, 2006 6:37 AM
To: Ming Ki Au
Cc: ccielab@groupstudy.com
Subject: Re: About OSPF area authentication (IELAB Vol. 2 Lab 3)
I recall this begin a bug. There should be a recent discussion in the
archives.
On 11/21/06, Ming Ki Au <aurmkstr@gmail.com> wrote:
>
> Hey all,
>
> Is there anybody can help answer my questions below????
>
> ---------- Forwarded message ----------
> From: Ricky MK Au <aurmk@hk1.ibm.com>
> Date: Nov 20, 2006 12:48 AM
> Subject: About OSPF area authentication (IELAB Vol. 2 Lab 3)
> To: ccielab@groupstudy.com
>
> Dear all,
>
> I found some interesting things that I would like to see anybody can
help
> me to understand. I have two questions when I do the IELAB Vol.2 Lab 3
> section 4.6. In it, it ask to configure OSPF authentication across the
> Frame Relay cloud between R1, R3, and R5.
> b" Use the password of CISCO13 for the OSPF neighbor relationship
between
> R1
> and R3.
> b" Use the password of CISCO35 for the OSPF neighbor relationship
between
> R3
> and R5.
>
> where R3 is the Hub and area 135 is the OSPF area between the
frame-relay
> cloud of R1,R3 and R5. I extract the OSPF configuration of R1, R3 and
R5
> as
> below.
>
>
========================================================================
====================
> R1:
> interface Serial0/0
> ip address 190.1.135.1 255.255.255.0
> ip pim sparse-dense-mode
> encapsulation frame-relay
> ip ospf message-digest-key 13 md5 CISCO13
> ip ospf network point-to-multipoint non-broadcast
> no frame-relay inverse-arp IP 102
> no frame-relay inverse-arp IP 104
> no frame-relay inverse-arp IP 105
> no frame-relay inverse-arp IP 113
>
> router ospf 1
> router-id 150.1.1.1
> log-adjacency-changes
> area 0 authentication message-digest
> area 135 authentication message-digest
> area 17 virtual-link 150.1.7.7 message-digest-key 1 md5 CISCO
> area 135 virtual-link 150.1.3.3 message-digest-key 1 md5 CISCO
> network 150.1.1.1 0.0.0.0 area 0
> network 190.1.17.1 0.0.0.0 area 17
> network 190.1.135.1 0.0.0.0 area 135
> network 0.0.0.0 255.255.255.255 area 135
>
> R3: (Hub)
> interface Serial1/0
> ip address 190.1.135.3 255.255.255.0
> ip pim nbma-mode
> ip pim sparse-dense-mode
> encapsulation frame-relay
> ip ospf message-digest-key 13 md5 CISCO13
> ip ospf message-digest-key 35 md5 CISCO35
> ip ospf network point-to-multipoint non-broadcast
> no frame-relay inverse-arp IP 301
> no frame-relay inverse-arp IP 302
> no frame-relay inverse-arp IP 304
> no frame-relay inverse-arp IP 311
> no frame-relay inverse-arp IP 312
> no frame-relay inverse-arp IP 314
> no frame-relay inverse-arp IP 315
>
> router ospf 1
> router-id 150.1.3.3
> ispf
> log-adjacency-changes
> area 0 authentication message-digest
> area 135 authentication message-digest
> area 34 stub no-summary
> area 135 virtual-link 150.1.5.5 message-digest-key 1 md5 CISCO
> area 135 virtual-link 150.1.1.1 message-digest-key 1 md5 CISCO
> redistribute rip subnets
> network 150.1.3.3 0.0.0.0 area 0
> network 190.1.34.3 0.0.0.0 area 34
> network 190.1.135.3 0.0.0.0 area 135
> neighbor 190.1.135.5
> neighbor 190.1.135.1
> !
>
> R5:
> interface Serial0/0
> ip address 190.1.135.5 255.255.255.0
> ip pim sparse-dense-mode
> encapsulation frame-relay
> ip ospf message-digest-key 35 md5 CISCO35
> ip ospf network point-to-multipoint non-broadcast
> no frame-relay inverse-arp IP 501
> no frame-relay inverse-arp IP 502
> no frame-relay inverse-arp IP 504
> no frame-relay inverse-arp IP 513
> !
>
> router ospf 1
> router-id 150.1.5.5
> log-adjacency-changes
> area 0 authentication message-digest
> area 135 authentication message-digest
> area 135 virtual-link 150.1.3.3 message-digest-key 1 md5 CISCO
> redistribute static subnets
> redistribute eigrp 10 subnets
> network 150.1.5.5 0.0.0.0 area 0
> network 190.1.135.5 0.0.0.0 area 135
> !
>
>
========================================================================
============================================================
> With the configuration as above I encountered the following 2 problems
>
> 1. Only key 35 is being sent and therefore only R3 and R5 form an OSPF
> neighbor while R3 and R1 cannot form an OSPF neighbor. What is the
> problem?
>
> 2. When I reboot R3 with the above configuration, it shows "neighbor
> command is allowed only on NBMA and point-to-multipoint networks" and
the
> two neighbor commands below under the router ospf configuration
disappear.
>
> neighbor 190.1.135.5 ===> disappear
> neighbor 190.1.135.1 ===> disappear
>
> when I tried to add the above two commands back to R3, it does not
allow
> me
> to do so and display again
> "ospf: Neigbor command is allowed only on NBMA and point-to-multipoint
> networks" but when I remove the following two sentences under the
router
> ospf before I add back the two neighbor commands it allow me to do so.
> After than, I add back the area 0 commands and all the configurations
work
> fine.
>
> area 0 authentication message-digest
> network 150.1.3.3 0.0.0.0 area 0
>
> Can anyone tell me why there is such a strange phenomenon????
>
>
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART