Re: OSPF --- AUTHENTICATION ISSSUE

From: Serhat Aslan (serhatworks@gmail.com)
Date: Fri Aug 10 2007 - 13:22:59 ART

 One of the previous letters (probably last week) written about this
problem.
* An active "ip ospf non-broadcast" + "virtual-link" statement, after that
applying a neighbor statement had been rejected, due to ios bug.
* AFAIK, when using p-t-mp nonbroadcast, neighbor statement hasn't give any
error.

Serhat Aslan

On 8/10/07, NITIN NITIN <ccie_study_123@yahoo.com> wrote:
>
> Hi ,
>
> Thanks for havving a look --
>
> COMMANDS ASKED ARE PASTED BELOW
>
>
> interface Serial2/0
> ip address 190.1.135.3 255.255.255.0
> encapsulation frame-relay
> ip ospf network point-to-multipoint non-broadcast
> serial restart-delay 0
> no frame-relay inverse-arp IP 302
> no frame-relay inverse-arp IP 304
> no frame-relay inverse-arp IP 311
> no frame-relay inverse-arp IP 312
> no frame-relay inverse-arp IP 314
> no frame-relay inverse-arp IP 315
> !
>
> Rack1R3# sh ip ospf interface serial 2/0
> Serial2/0 is up, line protocol is up
> Internet Address 190.1.135.3/24, Area 135
> Process ID 1, Router ID 150.1.3.3, Network Type POINT_TO_MULTIPOINT,
> Cost: 64
> Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT,
> Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
> oob-resync timeout 120
> Hello due in 00:00:13
> Index 1/7, flood queue length 0
> Next 0x0(0)/0x0(0)
> Last flood scan length is 0, maximum is 0
> Last flood scan time is 0 msec, maximum is 0 msec
> Neighbor Count is 0, Adjacent neighbor count is 0
> Suppress hello for 0 neighbor(s)
>
> router ospf 1
> router-id 150.1.3.3
> log-adjacency-changes
> area 34 nssa no-summary
> area 135 virtual-link 150.1.5.5 authentication message-digest
> area 135 virtual-link 150.1.5.5 message-digest-key 1 md5 CISCO
> area 135 virtual-link 150.1.1.1 authentication message-digest
> area 135 virtual-link 150.1.1.1 message-digest-key 1 md5 CISCO
> redistribute rip subnets
> network 150.1.3.3 0.0.0.0 area 0
> network 190.1.34.3 0.0.0.0 area 34
> network 190.1.135.3 0.0.0.0 area 135
>
>
>
> MY ISSUE BEFORE GOING TO AUTHENTICATION IS COMING IS NOW IN
> NEIGHBOURSHIP
>
> I PUT NEIGHBOUR COMMAND ROUTER SAYS
>
> Rack1R3(config-router)# neighbor 190.1.135.5
> > OSPF: Neighbor command is allowed only on NBMA and point-to-multipoint
> > networks
>
> AND WHEN I PUT NEIGHBOUR COMMNAD AND
> network 190.1.135.3 0.0.0.0 area 135
>
> ROUTER TAKES IT
>
> after putting rest commands in router ospf neighbor command get removed
>
> PLEASE SUGGEST , STUCK SINCE WHOLE DAY
>
>
>
> Regard
>
> Herbert Maosa <asawilunda@googlemail.com> wrote:
> Can you send a dump of
>
> show run interface < the-trouble-some-interface >. as well as a dump of
> show ip ospf interface < the-trouble-some-interface >
>
>
>
> Herbert.
>
>
> On 8/10/07, NITIN NITIN wrote:
> >
> > Hi experts,
> >
> > PLEASE SUGGEST BADLY STUCK IN A ISSUE ......
> >
> >
> > I'm trying OPSF AUTHENTICATION on SERIAL INT
> >
> > WITH TWO DIFFRENT KEYS FOR SPOKES
> >
> >
> > ON physican int I have given
> >
> > ip ospf network point-to-multipoint non-broadcast
> >
> > still it gives me error when putting
> >
> >
> > Rack1R3(config-router)# neighbor 190.1.135.1
> > OSPF: Neighbor command is allowed only on NBMA and point-to-multipoint
> > networks<<<<
> > Rack1R3(config-router)# neighbor 190.1.135.5
> > OSPF: Neighbor command is allowed only on NBMA and point-to-multipoint
> > networks
> >
> >
> > ALSO -- WHEN I
> >
> > see
> > SH IP OSPF INT SE 2/0
> >
> > I SEE ONLY YOUNG KEY as 35
> >
> > NO ROLBACK KEY 13 <<<<<<<<<<<<<<<<<<
> >
> >
> > HUB ROUTER R3----
> >
> >
> > Enter configuration commands, one per line. End with CNTL/Z.
> > Router(config)#version 12.3
> > Router(config)#service timestamps debug datetime msec
> > Router(config)#service timestamps log datetime msec
> > Router(config)#no service password-encryption
> > Router(config)#!
> > Router(config)#hostname Rack1R3
> > Rack1R3(config)#!
> > Rack1R3(config)#boot-start-marker
> > Rack1R3(config)#boot-end-marker
> > Rack1R3(config)#!
> > Rack1R3(config)#enable password cisco
> > Rack1R3(config)#!
> > Rack1R3(config)#no aaa new-model
> > Rack1R3(config)#ip subnet-zero
> > Rack1R3(config)#!
> > Rack1R3(config)#!
> > Rack1R3(config)#no ip domain lookup
> > Rack1R3(config)#!
> > Rack1R3(config)#ip cef
> > Rack1R3(config)#!
> > Rack1R3(config)#!
> > Rack1R3(config)#key chain RIP
> > Rack1R3(config-keychain)# key 1
> > Rack1R3(config-keychain-key)# key-string CISCO
> > Rack1R3(config-keychain-key)#!
> > Rack1R3(config-keychain-key)#!
> > Rack1R3(config-keychain-key)#!
> > Rack1R3(config-keychain-key)#!
> > Rack1R3(config-keychain-key)#!
> > Rack1R3(config-keychain-key)#!
> > Rack1R3(config-keychain-key)#!
> > Rack1R3(config-keychain-key)#!
> > Rack1R3(config-keychain-key)#!
> > Rack1R3(config-keychain-key)#!
> > Rack1R3(config-keychain-key)#!
> > Rack1R3(config-keychain-key)#!
> > Rack1R3(config-keychain-key)#!
> > Rack1R3(config-keychain-key)#!
> > Rack1R3(config-keychain-key)#interface Loopback0
> > Rack1R3(config-if)# ip address 150.1.3.3 255.255.255.0
> > Rack1R3(config-if)#!
> > Rack1R3(config-if)#
> > Rack1R3(config-if)#!
> > Rack1R3(config-if)#interface FastEthernet0/0
> > Rack1R3(config-if)# ip address 192.10.1.3 255.255.255.0
> > Rack1R3(config-if)# ip rip authentication mode md5
> > Rack1R3(config-if)# ip rip authentication key-chain RIP
> > Rack1R3(config-if)# duplex full
> > Rack1R3(config-if)#!
> > Rack1R3(config-if)#interface FastEthernet1/0
> > Rack1R3(config-if)# ip address 190.1.3.3 255.255.255.0
> > Rack1R3(config-if)# duplex auto
> > Rack1R3(config-if)# speed auto
> > Rack1R3(config-if)#!
> > Rack1R3(config-if)#interface FastEthernet1/1
> > Rack1R3(config-if)# no ip address
> > Rack1R3(config-if)# shutdown
> > Rack1R3(config-if)# duplex auto
> > Rack1R3(config-if)# speed auto
> > Rack1R3(config-if)#!
> > Rack1R3(config-if)#interface Serial2/0
> > Rack1R3(config-if)# ip address 190.1.135.3 255.255.255.0
> > Rack1R3(config-if)# encapsulation frame-relay
> > Rack1R3(config-if)# ip ospf authentication message-digest
> > Rack1R3(config-if)# ip ospf message-digest-key 13 md5 CISCO13
> > Rack1R3(config-if)# ip ospf message-digest-key 35 md5 CISCO35
> > Rack1R3(config-if)# ip ospf network point-to-multipoint non-broadcast
> > Rack1R3(config-if)# serial restart-delay 0
> > Rack1R3(config-if)# no frame-relay inverse-arp IP 302
> > Rack1R3(config-if)# no frame-relay inverse-arp IP 304
> > Rack1R3(config-if)# no frame-relay inverse-arp IP 311
> > Rack1R3(config-if)# no frame-relay inverse-arp IP 312
> > Rack1R3(config-if)# no frame-relay inverse-arp IP 314
> > Rack1R3(config-if)# no frame-relay inverse-arp IP 315
> > Rack1R3(config-if)#!
> > Rack1R3(config-if)#interface Serial2/1
> > Rack1R3(config-if)# no ip address
> > Rack1R3(config-if)# encapsulation frame-relay
> > Rack1R3(config-if)# serial restart-delay 0
> > Rack1R3(config-if)# frame-relay interface-dlci 314 ppp Virtual-Template1
> > Rack1R3(config-fr-dlci)# no frame-relay inverse-arp
> > Rack1R3(config-if)#!
> > Rack1R3(config-if)#interface Serial2/2
> > Rack1R3(config-if)# no ip address
> > Rack1R3(config-if)# shutdown
> > Rack1R3(config-if)# serial restart-delay 0
> > Rack1R3(config-if)#!
> > Rack1R3(config-if)#interface Serial2/3
> > Rack1R3(config-if)# no ip address
> > Rack1R3(config-if)# shutdown
> > Rack1R3(config-if)# serial restart-delay 0
> > Rack1R3(config-if)#!
> > Rack1R3(config-if)#interface Virtual-Template1
> > Rack1R3(config-if)# ip address 190.1.34.3 255.255.255.0
> > Rack1R3(config-if)# no peer neighbor-route
> > Rack1R3(config-if)#!
> > Rack1R3(config-if)#router ospf 1
> > Rack1R3(config-router)# router-id 150.1.3.3
> > Rack1R3(config-router)# log-adjacency-changes
> > Rack1R3(config-router)# area 34 nssa no-summary
> > Rack1R3(config-router)#$irtual-link 150.1.5.5 authentication
> > message-digest
> > Rack1R3(config-router)#$irtual-link 150.1.5.5 message-digest-key 1 md5
> > CISCO
> > Rack1R3(config-router)#$irtual-link 150.1.1.1 authentication
> > message-digest
> > Rack1R3(config-router)#$irtual-link 150.1.1.1 message-digest-key 1 md5
> > CISCO
> > Rack1R3(config-router)# redistribute rip subnets
> > Rack1R3(config-router)# network 150.1.3.3 0.0.0.0 area 0
> > Rack1R3(config-router)# network 190.1.34.3 0.0.0.0 area 34
> > Rack1R3(config-router)# network 190.1.135.3 0.0.0.0 area 135
> > Rack1R3(config-router)# neighbor 190.1.135.1
> > OSPF: Neighbor command is allowed only on NBMA and point-to-multipoint
> > networks<<<<
> > Rack1R3(config-router)# neighbor 190.1.135.5
> > OSPF: Neighbor command is allowed only on NBMA and point-to-multipoint
> > networks
> > Rack1R3(config-router)#!
> > Rack1R3(config-router)#router rip
> > Rack1R3(config-router)# version 2
> > Rack1R3(config-router)# passive-interface default
> > Rack1R3(config-router)# redistribute os 1 route-map OSPF>>RIP
> > Rack1R3(config-router)# no passive-interface FastEthernet0/0
> > Rack1R3(config-router)# no passive-interface FastEthernet1/0
> > Rack1R3(config-router)# network 190.1.0.0
> > Rack1R3(config-router)# network 192.10.1.0
> > Rack1R3(config-router)# default-information originate route-map DR
> > Rack1R3(config-router)# distribute-list 122 in FastEthernet0/0
> > Rack1R3(config-router)# no auto-summary
> > Rack1R3(config-router)#!
> > Rack1R3(config-router)#ip classless
> > Rack1R3(config)#no ip http server
> > Rack1R3(config)#!
> > Rack1R3(config)#!
> > Rack1R3(config)#!
> > Rack1R3(config)#ip prefix-list /24 seq 5 permit 190.1.0.0/24
> > Rack1R3(config)#$ 122 deny ip host 192.10.1.254 222.22.2.0 0.0.0.255
> > Rack1R3(config)#$ 122 permit ip host 192.10.1.253 222.22.2.0 0.0.0.255
> > Rack1R3(config)#access-list 122 deny ip host 192.10.1.253 any
> > Rack1R3(config)#access-list 122 permit ip any any
> > Rack1R3(config)#!
> > Rack1R3(config)#route-map DR permit 10
> > Rack1R3(config-route-map)# set interface FastEthernet0/0
> > Rack1R3(config-route-map)#!
> > Rack1R3(config-route-map)#route-map OSPF>>RIP permit 10
> > Rack1R3(config-route-map)# match ip address prefix-list /24
> > Rack1R3(config-route-map)# set metric 10
> > Rack1R3(config-route-map)#!
> > Rack1R3(config-route-map)#route-map OSPF>>RIP permit 20
> > Rack1R3(config-route-map)# set metric 1
> > Rack1R3(config-route-map)#!
> > Rack1R3(config-route-map)#!
> > Rack1R3(config-route-map)#!
> > Rack1R3(config-route-map)#!
> > Rack1R3(config-route-map)#!
> > Rack1R3(config-route-map)#!
> > Rack1R3(config-route-map)#!
> > Rack1R3(config-route-map)#gatekeeper
> > Rack1R3(config-gk)# shutdown
> > Rack1R3(config-gk)#!
> > Rack1R3(config-gk)#!
> > Rack1R3(config-gk)#line con 0
> > Rack1R3(config-line)# exec-timeout 0 0
> > Rack1R3(config-line)# privilege level 15
> > Rack1R3(config-line)# logging synchronous
> > Rack1R3(config-line)# stopbits 1
> > Rack1R3(config-line)#line aux 0
> > Rack1R3(config-line)# exec-timeout 0 0
> > Rack1R3(config-line)# privilege level 15
> > Rack1R3(config-line)# stopbits 1
> > Rack1R3(config-line)#line vty 0 4
> > Rack1R3(config-line)# password cisco
> > Rack1R3(config-line)# login
> > Rack1R3(config-line)#!
> > Rack1R3(config-line)#!
> > Rack1R3(config-line)#end
> > Rack1R3#
> >
> >
> >
> >
> >
> > ---------------------------------
> > Be a better Globetrotter. Get better travel answers from someone who
> > knows.
> > Yahoo! Answers - Check it out.
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>
>
> --
> Kindest regards,
> hm
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
> ---------------------------------
> Be a better Heartthrob. Get better relationship answers from someone who
> knows.
> Yahoo! Answers - Check it out.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:10 ART