Issue with OSPF authentication using different MD5 keys over

From: Toh Soon, Lim (tohsoon28@gmail.com)
Date: Sat Sep 22 2007 - 01:01:59 ART


Hi Group,

I'm having a little problem getting OSPF authentication to work using
different md5 keys for different neighbors over frame relay.

R2 is the hub. Spokes are R5 and R6. OSPF P2MP non-broadcast mode is
configured. R5's shared key is r5key and R6's shared key is r6key.

R2 Config
---------
!
interface Serial0/0/0.56 multipoint
 description *** FR Connection to R5,R6 ***
 ip address 136.10.100.2 255.255.255.224
 ip ospf authentication message-digest
 ip ospf message-digest-key 6 md5 r6key
 ip ospf message-digest-key 5 md5 r5key
 ip ospf network point-to-multipoint non-broadcast
 frame-relay map ip 136.10.100.5 105 broadcast
 frame-relay map ip 136.10.100.6 106 broadcast
 no frame-relay inverse-arp
!
router ospf 1
 network 136.10.100.2 0.0.0.0 area 0
 neighbor 136.10.100.6
 neighbor 136.10.100.5
!

R5 Config
---------
!
interface Serial0/0/0
 description *** FR Connection to R2 ***
 ip address 136.10.100.5 255.255.255.224
 encapsulation frame-relay
 ip ospf authentication message-digest
 ip ospf message-digest-key 5 md5 r5key
 ip ospf network point-to-multipoint non-broadcast
 frame-relay map ip 136.10.100.2 501 broadcast
 no frame-relay inverse-arp
!
router ospf 1
 network 136.10.100.5 0.0.0.0 area 0
!

R6 Config
---------
!
interface Serial0/0/0
 description *** FR Connection to R2 ***
 ip address 136.10.100.6 255.255.255.224
 encapsulation frame-relay
 ip ospf authentication message-digest
 ip ospf message-digest-key 6 md5 r6key
 ip ospf network point-to-multipoint non-broadcast
 frame-relay map ip 136.10.100.2 601 broadcast
 no frame-relay inverse-arp
!
router ospf 1
 network 136.10.100.6 0.0.0.0 area 0
!

R2 and R5 have full adjacency. Full adjacency between R2 and R6 cannot be
established.

Outputs of "deb ip os adj" on R2 show:

OSPF: Send with youngest Key 5

Outputs of "deb ip os adj" on R6 show:

OSPF: Rcv pkt from 136.10.100.2, Serial0/0/0 : Mismatch Authentication Key - No message digest key 5 on interface
OSPF: Send with youngest Key 6

I'm expecting R2 to send multiple copies of OSPF packets, each authenticated
by one of the two keys, to R5 and R6. At least that's what I understood from the
DocCD OSPF Command Ref. From the debug outputs, it seems that R2 only uses key 5.

Can anyone suggest how to work around this issue so that the task can be
achieved?

Many thanks.

B.Rgds,
Lim TS
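
Added example (not part of the original post): a Python model of the RFC 2328 Appendix D cryptographic-authentication check, run against the key tables from the posted configs, showing why R6 drops R2's packets while R2 still accepts R6's. The router IDs (taken here from the interface addresses), the empty Hello body and the result strings are assumptions made for the example.

```python
import hashlib, hmac, socket, struct

HDR = "!BBH4s4sHHHBBI"   # RFC 2328 A.3.1 header with the D.3 crypto-auth fields (24 bytes)
AUTYPE_CRYPTO = 2

def digest(packet: bytes, key: bytes) -> bytes:
    # RFC 2328 D.4.3: MD5 over the packet followed by the key zero-padded to 16 bytes
    return hashlib.md5(packet + key[:16].ljust(16, b"\0")).digest()

def build(router_id: str, key_id: int, key: bytes, seq: int, body: bytes = b"") -> bytes:
    # Version 2, type 1 (Hello), area 0; the checksum field stays 0 for AuType 2.
    hdr = struct.pack(HDR, 2, 1, 24 + len(body), socket.inet_aton(router_id),
                      socket.inet_aton("0.0.0.0"), 0, AUTYPE_CRYPTO, 0, key_id, 16, seq)
    pkt = hdr + body
    return pkt + digest(pkt, key)   # digest is appended, not counted in packet length

def verify(raw: bytes, iface_keys: dict) -> str:
    # Receive-side check (RFC 2328 D.5.3); the sequence-number replay check is omitted.
    if len(raw) < 24:
        return "reject: truncated"
    _, _, length, _, _, _, autype, _, key_id, adlen, _ = struct.unpack(HDR, raw[:24])
    if autype != AUTYPE_CRYPTO:
        return "reject: AuType mismatch"
    key = iface_keys.get(key_id)     # lookup is by the Key ID carried in the packet
    if key is None:
        return f"reject: no message digest key {key_id} on interface"
    if adlen != 16 or length < 24 or len(raw) < length + adlen:
        return "reject: bad length"
    if not hmac.compare_digest(raw[length:length + adlen], digest(raw[:length], key)):
        return "reject: digest mismatch"
    return "accept"

# Key tables copied from the posted configs.
R2_KEYS = {6: b"r6key", 5: b"r5key"}
R5_KEYS = {5: b"r5key"}
R6_KEYS = {6: b"r6key"}

def demo() -> dict:
    from_r2 = build("136.10.100.2", 5, R2_KEYS[5], seq=1)   # R2 debug: "Send with youngest Key 5"
    from_r6 = build("136.10.100.6", 6, R6_KEYS[6], seq=1)   # R6 debug: "Send with youngest Key 6"
    return {"R2->R5": verify(from_r2, R5_KEYS),
            "R2->R6": verify(from_r2, R6_KEYS),
            "R6->R2": verify(from_r6, R2_KEYS)}

if __name__ == "__main__":
    for path, result in demo().items():
        print(path, result)
```

The receiver selects the key by the Key ID in the packet header, so a packet signed with key 5 fails on R6 before any digest is computed, while R2, holding both keys, validates packets from either spoke.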


