Fwd: About OSPF area authentication (IELAB Vol. 2 Lab 3)

From: Ming Ki Au (aurmkstr@gmail.com)
Date: Mon Nov 27 2006 - 02:32:38 ART

• Next message: Salman Abbas: "Re: VLAN"
• Previous message: Mathew: "How to reduce TCP SYN attacks, UDP/ICMP flooding & other virus"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hey, can anyone show me the archive that have discussed my problem before?
---------- Forwarded message ----------
From: Ming Ki Au <aurmkstr@gmail.com>
Date: Nov 24, 2006 1:08 PM
Subject: Re: About OSPF area authentication (IELAB Vol. 2 Lab 3)
To: Michael Zuo <mzuo@ixiacom.com>
Cc: Nick Griffin <nick.jon.griffin@gmail.com>, ccielab@groupstudy.com

Can anyone show me the archive? What is wrong for my configuration? I
believe my virtual-link configuration is fine....

On 11/22/06, Michael Zuo <mzuo@ixiacom.com> wrote:
>
> Check your virtual link configuration. That should fix the problem...
> yes, there are recent threads re: this
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Nick Griffin
> Sent: Tuesday, November 21, 2006 6:37 AM
> To: Ming Ki Au
> Cc: ccielab@groupstudy.com
> Subject: Re: About OSPF area authentication (IELAB Vol. 2 Lab 3)
>
> I recall this begin a bug. There should be a recent discussion in the
> archives.
>
> On 11/21/06, Ming Ki Au <aurmkstr@gmail.com> wrote:
> >
> > Hey all,
> >
> > Is there anybody can help answer my questions below????
> >
> > ---------- Forwarded message ----------
> > From: Ricky MK Au <aurmk@hk1.ibm.com>
> > Date: Nov 20, 2006 12:48 AM
> > Subject: About OSPF area authentication (IELAB Vol. 2 Lab 3)
> > To: ccielab@groupstudy.com
> >
> > Dear all,
> >
> > I found some interesting things that I would like to see anybody can
> help
> > me to understand. I have two questions when I do the IELAB Vol.2 Lab 3
> > section 4.6. In it, it ask to configure OSPF authentication across the
> > Frame Relay cloud between R1, R3, and R5.
> > b" Use the password of CISCO13 for the OSPF neighbor relationship
> between
> > R1
> > and R3.
> > b" Use the password of CISCO35 for the OSPF neighbor relationship
> between
> > R3
> > and R5.
> >
> > where R3 is the Hub and area 135 is the OSPF area between the
> frame-relay
> > cloud of R1,R3 and R5. I extract the OSPF configuration of R1, R3 and
> R5
> > as
> > below.
> >
> >
> ========================================================================
> ====================
> > R1:
> > interface Serial0/0
> > ip address 190.1.135.1 255.255.255.0
> > ip pim sparse-dense-mode
> > encapsulation frame-relay
> > ip ospf message-digest-key 13 md5 CISCO13
> > ip ospf network point-to-multipoint non-broadcast
> > no frame-relay inverse-arp IP 102
> > no frame-relay inverse-arp IP 104
> > no frame-relay inverse-arp IP 105
> > no frame-relay inverse-arp IP 113
> >
> > router ospf 1
> > router-id 150.1.1.1
> > log-adjacency-changes
> > area 0 authentication message-digest
> > area 135 authentication message-digest
> > area 17 virtual-link 150.1.7.7 message-digest-key 1 md5 CISCO
> > area 135 virtual-link 150.1.3.3 message-digest-key 1 md5 CISCO
> > network 150.1.1.1 0.0.0.0 area 0
> > network 190.1.17.1 0.0.0.0 area 17
> > network 190.1.135.1 0.0.0.0 area 135
> > network 0.0.0.0 255.255.255.255 area 135
> >
> > R3: (Hub)
> > interface Serial1/0
> > ip address 190.1.135.3 255.255.255.0
> > ip pim nbma-mode
> > ip pim sparse-dense-mode
> > encapsulation frame-relay
> > ip ospf message-digest-key 13 md5 CISCO13
> > ip ospf message-digest-key 35 md5 CISCO35
> > ip ospf network point-to-multipoint non-broadcast
> > no frame-relay inverse-arp IP 301
> > no frame-relay inverse-arp IP 302
> > no frame-relay inverse-arp IP 304
> > no frame-relay inverse-arp IP 311
> > no frame-relay inverse-arp IP 312
> > no frame-relay inverse-arp IP 314
> > no frame-relay inverse-arp IP 315
> >
> > router ospf 1
> > router-id 150.1.3.3
> > ispf
> > log-adjacency-changes
> > area 0 authentication message-digest
> > area 135 authentication message-digest
> > area 34 stub no-summary
> > area 135 virtual-link 150.1.5.5 message-digest-key 1 md5 CISCO
> > area 135 virtual-link 150.1.1.1 message-digest-key 1 md5 CISCO
> > redistribute rip subnets
> > network 150.1.3.3 0.0.0.0 area 0
> > network 190.1.34.3 0.0.0.0 area 34
> > network 190.1.135.3 0.0.0.0 area 135
> > neighbor 190.1.135.5
> > neighbor 190.1.135.1
> > !
> >
> > R5:
> > interface Serial0/0
> > ip address 190.1.135.5 255.255.255.0
> > ip pim sparse-dense-mode
> > encapsulation frame-relay
> > ip ospf message-digest-key 35 md5 CISCO35
> > ip ospf network point-to-multipoint non-broadcast
> > no frame-relay inverse-arp IP 501
> > no frame-relay inverse-arp IP 502
> > no frame-relay inverse-arp IP 504
> > no frame-relay inverse-arp IP 513
> > !
> >
> > router ospf 1
> > router-id 150.1.5.5
> > log-adjacency-changes
> > area 0 authentication message-digest
> > area 135 authentication message-digest
> > area 135 virtual-link 150.1.3.3 message-digest-key 1 md5 CISCO
> > redistribute static subnets
> > redistribute eigrp 10 subnets
> > network 150.1.5.5 0.0.0.0 area 0
> > network 190.1.135.5 0.0.0.0 area 135
> > !
> >
> >
> ========================================================================
> ============================================================
> > With the configuration as above I encountered the following 2 problems
> >
> > 1. Only key 35 is being sent and therefore only R3 and R5 form an OSPF
> > neighbor while R3 and R1 cannot form an OSPF neighbor. What is the
> > problem?
> >
> > 2. When I reboot R3 with the above configuration, it shows "neighbor
> > command is allowed only on NBMA and point-to-multipoint networks" and
> the
> > two neighbor commands below under the router ospf configuration
> disappear.
> >
> > neighbor 190.1.135.5 ===> disappear
> > neighbor 190.1.135.1 ===> disappear
> >
> > when I tried to add the above two commands back to R3, it does not
> allow
> > me
> > to do so and display again
> > "ospf: Neigbor command is allowed only on NBMA and point-to-multipoint
> > networks" but when I remove the following two sentences under the
> router
> > ospf before I add back the two neighbor commands it allow me to do so.
> > After than, I add back the area 0 commands and all the configurations
> work
> > fine.
> >
> > area 0 authentication message-digest
> > network 150.1.3.3 0.0.0.0 area 0
> >
> > Can anyone tell me why there is such a strange phenomenon????
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Salman Abbas: "Re: VLAN"
• Previous message: Mathew: "How to reduce TCP SYN attacks, UDP/ICMP flooding & other virus"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART