Re: OSPF authentication with different keys

From: nisha rani (nisharani1@googlemail.com)
Date: Mon Nov 27 2006 - 06:06:02 ART

• Next message: PANDI MOORTHY: "Re: BGP Local-AS"
• Previous message: Rak Bharad: "Passed the CCIE R&S Lab on 24th Nov 2006 in Bangalore"
• Maybe in reply to: Ricky MK Au: "OSPF authentication with different keys"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Can you check what version of IOS you are running? this is a bug in 12.4. I
have encounter this problem earlier on. remove your virtual link config
and manually add neighbor and add virtual link. It will work but as soon as
you reload the router problem will come again.

Regards,

On 27/11/06, Ricky MK Au <aurmk@hk1.ibm.com> wrote:
>
> Dear all,
>
> I have two questions when I do the IELAB Vol.2 Lab 3 section 4.6. In it,
> it
> ask to configure OSPF authentication across the Frame Relay cloud between
> R1, R3, and R5.
>
> - " Use the password of CISCO13 for the OSPF neighbor relationship between
> R1
> and R3.
> - " Use the password of CISCO35 for the OSPF neighbor relationship between
> R3
> and R5.
>
> where R3 is the Hub and area 135 is the OSPF area between the frame-relay
> cloud of R1,R3 and R5. I extract the OSPF configuration of R1, R3 and R5
> as
> below.
>
> =============================================================================
> ===============
>
> R1:
> interface Serial0/0
> ip address 190.1.135.1 255.255.255.0
> ip pim sparse-dense-mode
> encapsulation frame-relay
> ip ospf message-digest-key 13 md5 CISCO13
> ip ospf network point-to-multipoint non-broadcast
> no frame-relay inverse-arp IP 102
> no frame-relay inverse-arp IP 104
> no frame-relay inverse-arp IP 105
> no frame-relay inverse-arp IP 113
>
> router ospf 1
> router-id 150.1.1.1
> log-adjacency-changes
> area 0 authentication message-digest
> area 135 authentication message-digest
> area 17 virtual-link 150.1.7.7 message-digest-key 1 md5 CISCO
> area 135 virtual-link 150.1.3.3 message-digest-key 1 md5 CISCO
> network 150.1.1.1 0.0.0.0 area 0
> network 190.1.17.1 0.0.0.0 area 17
> network 190.1.135.1 0.0.0.0 area 135
> network 0.0.0.0 255.255.255.255 area 135
>
> R3: (Hub)
> interface Serial1/0
> ip address 190.1.135.3 255.255.255.0
> ip pim nbma-mode
> ip pim sparse-dense-mode
> encapsulation frame-relay
> ip ospf message-digest-key 13 md5 CISCO13
> ip ospf message-digest-key 35 md5 CISCO35
> ip ospf network point-to-multipoint non-broadcast
> no frame-relay inverse-arp IP 301
> no frame-relay inverse-arp IP 302
> no frame-relay inverse-arp IP 304
> no frame-relay inverse-arp IP 311
> no frame-relay inverse-arp IP 312
> no frame-relay inverse-arp IP 314
> no frame-relay inverse-arp IP 315
>
> router ospf 1
> router-id 150.1.3.3
> ispf
> log-adjacency-changes
> area 0 authentication message-digest
> area 135 authentication message-digest
> area 34 stub no-summary
> area 135 virtual-link 150.1.5.5 message-digest-key 1 md5 CISCO
> area 135 virtual-link 150.1.1.1 message-digest-key 1 md5 CISCO
> redistribute rip subnets
> network 150.1.3.3 0.0.0.0 area 0
> network 190.1.34.3 0.0.0.0 area 34
> network 190.1.135.3 0.0.0.0 area 135
> neighbor 190.1.135.5
> neighbor 190.1.135.1
> !
>
> R5:
> interface Serial0/0
> ip address 190.1.135.5 255.255.255.0
> ip pim sparse-dense-mode
> encapsulation frame-relay
> ip ospf message-digest-key 35 md5 CISCO35
> ip ospf network point-to-multipoint non-broadcast
> no frame-relay inverse-arp IP 501
> no frame-relay inverse-arp IP 502
> no frame-relay inverse-arp IP 504
> no frame-relay inverse-arp IP 513
> !
>
> router ospf 1
> router-id 150.1.5.5
> log-adjacency-changes
> area 0 authentication message-digest
> area 135 authentication message-digest
> area 135 virtual-link 150.1.3.3 message-digest-key 1 md5 CISCO
> redistribute static subnets
> redistribute eigrp 10 subnets
> network 150.1.5.5 0.0.0.0 area 0
> network 190.1.135.5 0.0.0.0 area 135
> !
>
> =============================================================================
> =======================================================
>
> With the configuration as above I encountered the following 2 problems
>
> 1. Only key 35 is being sent and therefore only R3 and R5 form an OSPF
> neighbor while R3 and R1 cannot form an OSPF neighbor. What is the
> problem?
>
> 2. When I reboot R3 with the above configuration, it shows "neighbor
> command is allowed only on NBMA and point-to-multipoint networks" and the
> two neighbor commands below under the router ospf configuration disappear.
>
> neighbor 190.1.135.5 ===> disappear
> neighbor 190.1.135.1 ===> disappear
>
> when I tried to add the above two commands back to R3, it does not allow
> me
> to do so and display again
> "ospf: Neigbor command is allowed only on NBMA and point-to-multipoint
> networks" but when I remove the following two sentences under the router
> ospf before I add back the two neighbor commands it allow me to do so.
> After than, I add back the area 0 commands and all the configurations work
> fine.
>
> area 0 authentication message-digest
> network 150.1.3.3 0.0.0.0 area 0
>
> Can anyone tell me why there is such a strange phenomenon????
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: PANDI MOORTHY: "Re: BGP Local-AS"
• Previous message: Rak Bharad: "Passed the CCIE R&S Lab on 24th Nov 2006 in Bangalore"
• Maybe in reply to: Ricky MK Au: "OSPF authentication with different keys"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART