Re: OSPF --- AUTHENTICATION ISSSUE

From: NITIN NITIN (ccie_study_123@yahoo.com)
Date: Fri Aug 10 2007 - 12:57:01 ART


Hi ,
   
   
  FACING A BASIC ISSUE -- SINCE MORNING
   
  TRYING ON DYNAMIPS
   
  In continuation to previous mail
   
  WHEN I PUT NEIGHBOUR STATEMENT 1st it works
   
  then I PUT REST STATEMENTS in ROUTER OSPF
   
   
  Rack1R3(config)#router ospf 1
Rack1R3(config-router)# router-id 150.1.3.3
Rack1R3(config-router)# log-adjacency-changes
Rack1R3(config-router)# area 34 nssa no-summary
Rack1R3(config-router)#network 190.1.135.3 0.0.0.0 area 135
Rack1R3(config-router)#nei
Rack1R3(config-router)#neighbor 190.1.135.1
Rack1R3(config-router)#neighbor 190.1.135.5
  
Rack1R3(config-router)#do sh ip os nei
  Neighbor ID Pri State Dead Time Address Interface
N/A 0 DOWN/ - - 190.1.135.5 Serial2/0<<<<<<<<<STARTED to intiate
N/A 0 DOWN/ - - 190.1.135.1 Serial2/0
  
Rack1R3(config-router)#$rtual-link 150.1.5.5 authentication message-digest
Rack1R3(config-router)#$irtual-link 150.1.5.5 message-digest-key 1 md5 CISCO
Rack1R3(config-router)#$irtual-link 150.1.1.1 authentication message-digest
Rack1R3(config-router)#$irtual-link 150.1.1.1 message-digest-key 1 md5 CISCO
Rack1R3(config-router)# redistribute rip subnets
Rack1R3(config-router)# network 150.1.3.3 0.0.0.0 area 0
Rack1R3(config-router)# network 190.1.34.3 0.0.0.0 area 34
Rack1R3(config-router)#^Z
Rack1R3#wr

BUT WHEN ROUTER REEBOOTS
   
  3 FastEthernet/IEEE 802.3 interface(s)
4 Serial network interface(s)
125K bytes of non-volatile configuration memory.
  8192K bytes of Flash internal SIMM (Sector size 256K).
OSPF: Neighbor command is allowed only on NBMA and point-to-multipoint networks
OSPF: Neighbor command is allowed only on NBMA and point-to-multipoint networks
  
Press RETURN to get started!
   
   
   
  Rack1R3#sh ip ospf neighbor
  Neighbor ID Pri State Dead Time Address Interface
150.1.4.4 0 FULL/ - 00:00:38 150.1.4.4 Tunnel14
150.1.4.4 0 FULL/ - 00:00:36 190.1.34.4 Virtual-Access1

  NEIGHBPOURSHIP NOT EVEN INTIATING >>>>>>>>>>>>>>>>

   
   
  TO BRING NEIGHBOURSHIP UP
HAVE REMOVED AUTHENTICATION FOR THE MOMENT
   
  STILL ISUE
   
   
  interface Serial2/0
 ip address 190.1.135.3 255.255.255.0
 encapsulation frame-relay
 ip ospf authentication message-digest
 ip ospf message-digest-key 13 md5 CISCO13
 ip ospf message-digest-key 35 md5 CISCO35
 ip ospf network point-to-multipoint non-broadcast
 serial restart-delay 0
 no frame-relay inverse-arp IP 302
 no frame-relay inverse-arp IP 304
 no frame-relay inverse-arp IP 311
 no frame-relay inverse-arp IP 312
 no frame-relay inverse-arp IP 314
 no frame-relay inverse-arp IP 315
   
   
  
Herbert Maosa <asawilunda@googlemail.com> wrote:
  Can you send a dump of

show run interface < the-trouble-some-interface >. as well as a dump of
show ip ospf interface < the-trouble-some-interface >

Herbert.

On 8/10/07, NITIN NITIN wrote:
>
> Hi experts,
>
> PLEASE SUGGEST BADLY STUCK IN A ISSUE ......
>
>
> I'm trying OPSF AUTHENTICATION on SERIAL INT
>
> WITH TWO DIFFRENT KEYS FOR SPOKES
>
>
> ON physican int I have given
>
> ip ospf network point-to-multipoint non-broadcast
>
> still it gives me error when putting
>
>
> Rack1R3(config-router)# neighbor 190.1.135.1
> OSPF: Neighbor command is allowed only on NBMA and point-to-multipoint
> networks<<<<
> Rack1R3(config-router)# neighbor 190.1.135.5
> OSPF: Neighbor command is allowed only on NBMA and point-to-multipoint
> networks
>
>
> ALSO -- WHEN I
>
> see
> SH IP OSPF INT SE 2/0
>
> I SEE ONLY YOUNG KEY as 35
>
> NO ROLBACK KEY 13 <<<<<<<<<<<<<<<<<<
>
>
> HUB ROUTER R3----
>
>
> Enter configuration commands, one per line. End with CNTL/Z.
> Router(config)#version 12.3
> Router(config)#service timestamps debug datetime msec
> Router(config)#service timestamps log datetime msec
> Router(config)#no service password-encryption
> Router(config)#!
> Router(config)#hostname Rack1R3
> Rack1R3(config)#!
> Rack1R3(config)#boot-start-marker
> Rack1R3(config)#boot-end-marker
> Rack1R3(config)#!
> Rack1R3(config)#enable password cisco
> Rack1R3(config)#!
> Rack1R3(config)#no aaa new-model
> Rack1R3(config)#ip subnet-zero
> Rack1R3(config)#!
> Rack1R3(config)#!
> Rack1R3(config)#no ip domain lookup
> Rack1R3(config)#!
> Rack1R3(config)#ip cef
> Rack1R3(config)#!
> Rack1R3(config)#!
> Rack1R3(config)#key chain RIP
> Rack1R3(config-keychain)# key 1
> Rack1R3(config-keychain-key)# key-string CISCO
> Rack1R3(config-keychain-key)#!
> Rack1R3(config-keychain-key)#!
> Rack1R3(config-keychain-key)#!
> Rack1R3(config-keychain-key)#!
> Rack1R3(config-keychain-key)#!
> Rack1R3(config-keychain-key)#!
> Rack1R3(config-keychain-key)#!
> Rack1R3(config-keychain-key)#!
> Rack1R3(config-keychain-key)#!
> Rack1R3(config-keychain-key)#!
> Rack1R3(config-keychain-key)#!
> Rack1R3(config-keychain-key)#!
> Rack1R3(config-keychain-key)#!
> Rack1R3(config-keychain-key)#!
> Rack1R3(config-keychain-key)#interface Loopback0
> Rack1R3(config-if)# ip address 150.1.3.3 255.255.255.0
> Rack1R3(config-if)#!
> Rack1R3(config-if)#
> Rack1R3(config-if)#!
> Rack1R3(config-if)#interface FastEthernet0/0
> Rack1R3(config-if)# ip address 192.10.1.3 255.255.255.0
> Rack1R3(config-if)# ip rip authentication mode md5
> Rack1R3(config-if)# ip rip authentication key-chain RIP
> Rack1R3(config-if)# duplex full
> Rack1R3(config-if)#!
> Rack1R3(config-if)#interface FastEthernet1/0
> Rack1R3(config-if)# ip address 190.1.3.3 255.255.255.0
> Rack1R3(config-if)# duplex auto
> Rack1R3(config-if)# speed auto
> Rack1R3(config-if)#!
> Rack1R3(config-if)#interface FastEthernet1/1
> Rack1R3(config-if)# no ip address
> Rack1R3(config-if)# shutdown
> Rack1R3(config-if)# duplex auto
> Rack1R3(config-if)# speed auto
> Rack1R3(config-if)#!
> Rack1R3(config-if)#interface Serial2/0
> Rack1R3(config-if)# ip address 190.1.135.3 255.255.255.0
> Rack1R3(config-if)# encapsulation frame-relay
> Rack1R3(config-if)# ip ospf authentication message-digest
> Rack1R3(config-if)# ip ospf message-digest-key 13 md5 CISCO13
> Rack1R3(config-if)# ip ospf message-digest-key 35 md5 CISCO35
> Rack1R3(config-if)# ip ospf network point-to-multipoint non-broadcast
> Rack1R3(config-if)# serial restart-delay 0
> Rack1R3(config-if)# no frame-relay inverse-arp IP 302
> Rack1R3(config-if)# no frame-relay inverse-arp IP 304
> Rack1R3(config-if)# no frame-relay inverse-arp IP 311
> Rack1R3(config-if)# no frame-relay inverse-arp IP 312
> Rack1R3(config-if)# no frame-relay inverse-arp IP 314
> Rack1R3(config-if)# no frame-relay inverse-arp IP 315
> Rack1R3(config-if)#!
> Rack1R3(config-if)#interface Serial2/1
> Rack1R3(config-if)# no ip address
> Rack1R3(config-if)# encapsulation frame-relay
> Rack1R3(config-if)# serial restart-delay 0
> Rack1R3(config-if)# frame-relay interface-dlci 314 ppp Virtual-Template1
> Rack1R3(config-fr-dlci)# no frame-relay inverse-arp
> Rack1R3(config-if)#!
> Rack1R3(config-if)#interface Serial2/2
> Rack1R3(config-if)# no ip address
> Rack1R3(config-if)# shutdown
> Rack1R3(config-if)# serial restart-delay 0
> Rack1R3(config-if)#!
> Rack1R3(config-if)#interface Serial2/3
> Rack1R3(config-if)# no ip address
> Rack1R3(config-if)# shutdown
> Rack1R3(config-if)# serial restart-delay 0
> Rack1R3(config-if)#!
> Rack1R3(config-if)#interface Virtual-Template1
> Rack1R3(config-if)# ip address 190.1.34.3 255.255.255.0
> Rack1R3(config-if)# no peer neighbor-route
> Rack1R3(config-if)#!
> Rack1R3(config-if)#router ospf 1
> Rack1R3(config-router)# router-id 150.1.3.3
> Rack1R3(config-router)# log-adjacency-changes
> Rack1R3(config-router)# area 34 nssa no-summary
> Rack1R3(config-router)#$irtual-link 150.1.5.5 authentication
> message-digest
> Rack1R3(config-router)#$irtual-link 150.1.5.5 message-digest-key 1 md5
> CISCO
> Rack1R3(config-router)#$irtual-link 150.1.1.1 authentication
> message-digest
> Rack1R3(config-router)#$irtual-link 150.1.1.1 message-digest-key 1 md5
> CISCO
> Rack1R3(config-router)# redistribute rip subnets
> Rack1R3(config-router)# network 150.1.3.3 0.0.0.0 area 0
> Rack1R3(config-router)# network 190.1.34.3 0.0.0.0 area 34
> Rack1R3(config-router)# network 190.1.135.3 0.0.0.0 area 135
> Rack1R3(config-router)# neighbor 190.1.135.1
> OSPF: Neighbor command is allowed only on NBMA and point-to-multipoint
> networks<<<<
> Rack1R3(config-router)# neighbor 190.1.135.5
> OSPF: Neighbor command is allowed only on NBMA and point-to-multipoint
> networks
> Rack1R3(config-router)#!
> Rack1R3(config-router)#router rip
> Rack1R3(config-router)# version 2
> Rack1R3(config-router)# passive-interface default
> Rack1R3(config-router)# redistribute os 1 route-map OSPF>>RIP
> Rack1R3(config-router)# no passive-interface FastEthernet0/0
> Rack1R3(config-router)# no passive-interface FastEthernet1/0
> Rack1R3(config-router)# network 190.1.0.0
> Rack1R3(config-router)# network 192.10.1.0
> Rack1R3(config-router)# default-information originate route-map DR
> Rack1R3(config-router)# distribute-list 122 in FastEthernet0/0
> Rack1R3(config-router)# no auto-summary
> Rack1R3(config-router)#!
> Rack1R3(config-router)#ip classless
> Rack1R3(config)#no ip http server
> Rack1R3(config)#!
> Rack1R3(config)#!
> Rack1R3(config)#!
> Rack1R3(config)#ip prefix-list /24 seq 5 permit 190.1.0.0/24
> Rack1R3(config)#$ 122 deny ip host 192.10.1.254 222.22.2.0 0.0.0.255
> Rack1R3(config)#$ 122 permit ip host 192.10.1.253 222.22.2.0 0.0.0.255
> Rack1R3(config)#access-list 122 deny ip host 192.10.1.253 any
> Rack1R3(config)#access-list 122 permit ip any any
> Rack1R3(config)#!
> Rack1R3(config)#route-map DR permit 10
> Rack1R3(config-route-map)# set interface FastEthernet0/0
> Rack1R3(config-route-map)#!
> Rack1R3(config-route-map)#route-map OSPF>>RIP permit 10
> Rack1R3(config-route-map)# match ip address prefix-list /24
> Rack1R3(config-route-map)# set metric 10
> Rack1R3(config-route-map)#!
> Rack1R3(config-route-map)#route-map OSPF>>RIP permit 20
> Rack1R3(config-route-map)# set metric 1
> Rack1R3(config-route-map)#!
> Rack1R3(config-route-map)#!
> Rack1R3(config-route-map)#!
> Rack1R3(config-route-map)#!
> Rack1R3(config-route-map)#!
> Rack1R3(config-route-map)#!
> Rack1R3(config-route-map)#!
> Rack1R3(config-route-map)#gatekeeper
> Rack1R3(config-gk)# shutdown
> Rack1R3(config-gk)#!
> Rack1R3(config-gk)#!
> Rack1R3(config-gk)#line con 0
> Rack1R3(config-line)# exec-timeout 0 0
> Rack1R3(config-line)# privilege level 15
> Rack1R3(config-line)# logging synchronous
> Rack1R3(config-line)# stopbits 1
> Rack1R3(config-line)#line aux 0
> Rack1R3(config-line)# exec-timeout 0 0
> Rack1R3(config-line)# privilege level 15
> Rack1R3(config-line)# stopbits 1
> Rack1R3(config-line)#line vty 0 4
> Rack1R3(config-line)# password cisco
> Rack1R3(config-line)# login
> Rack1R3(config-line)#!
> Rack1R3(config-line)#!
> Rack1R3(config-line)#end
> Rack1R3#
>
>
>
>
>
> ---------------------------------
> Be a better Globetrotter. Get better travel answers from someone who
> knows.
> Yahoo! Answers - Check it out.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

-- 
Kindest regards,
hm


This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:10 ART