From: Malcolm Price (malcolm@lanbase.com)
Date: Tue Sep 24 2002 - 16:26:51 GMT-3
Dave,
I have a similar setup which is working, but I see it necessary to define
"ip opsf authentication message-digest". Here is what I used:
interface Serial0/0
ip address 139.1.39.6 255.255.255.0
encapsulation frame-relay
ip ospf message-digest-key 1 md5 secure
ip ospf priority 10
frame-relay map ip 139.1.39.3 604 broadcast
frame-relay map ip 139.1.39.4 604 broadcast
no frame-relay inverse-arp
frame-relay lmi-type ansi
end
r6_2621#sh ip ospf interface s0/0
Serial0/0 is up, line protocol is up
Internet Address 139.1.39.6/24, Area 1
Process ID 100, Router ID 6.6.6.6, Network Type NON_BROADCAST, Cost: 64
Transmit Delay is 1 sec, State DR, Priority 10
Designated Router (ID) 6.6.6.6, Interface address 139.1.39.6
Backup Designated router (ID) 40.4.4.4, Interface address 136.1.34.4
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
Hello due in 00:00:11
Index 1/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 2, maximum is 2
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 40.4.4.4 (Backup Designated Router)
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 1
r6_2621#
Hope that helps,
Regards,
Malcolm
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Dave Stoddard
Sent: Tuesday, September 24, 2002 6:59 PM
To: ccielab@groupstudy.com
Subject: OSPF Authentication
I sent this question yesterday, but I didn't see that it made it to the
list. So sorry if somehow this makes it to the list twice.
1> I have the following configuration (only a portion shown) & everything is
working fine. The specific requirement I'm working on is MD5 authentication
in area 1. What I don't understand is that when I issue the show ip ospf
interface command it shows "Message digest authentication enabled", but "No
key configured, using default key id 0". Why does it show no key
configured?
2> When the lab asks to use MD5 authentication, does it matter encryption
type, i.e. "<0-7> Encryption type (0 for not yet encrypted, 7 for
proprietary)"?
interface Serial0/0.4 multipoint
ip address 135.3.12.4 255.255.255.248
ip ospf authentication message-digest
ip ospf authentication-key 6 secure
ip ospf network non-broadcast
frame-relay map ip 135.3.12.3 300 broadcast
frame-relay map ip 135.3.12.4 401 broadcast
frame-relay map ip 135.3.12.6 401 broadcast
no frame-relay inverse-arp
!
router ospf 100
router-id 135.3.4.4
log-adjacency-changes
area 0 authentication
area 1 authentication message-digest
area 1 virtual-link 135.3.6.6 authentication message-digest
authentication-key 6 secure
area 1 virtual-link 135.3.3.3 authentication message-digest
authentication-key 6 secure
passive-interface Ethernet0/0
passive-interface Serial0/1
network 135.3.4.0 0.0.0.255 area 1
network 135.3.12.0 0.0.0.7 area 1
network 135.3.28.0 0.0.0.255 area 0
neighbor 135.3.12.3
neighbor 135.3.12.6
**********************
r4#sh ip ospf int
Serial0/0.4 is up, line protocol is up
Internet Address 135.3.12.4/29, Area 1
Process ID 100, Router ID 135.3.4.4, Network Type NON_BROADCAST, Cost: 64
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) r4, Interface address 135.3.12.4
No backup designated router on this network
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
Hello due in 00:00:06
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 4
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 2, Adjacent neighbor count is 2
Adjacent with neighbor r3
Adjacent with neighbor r6
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
No key configured, using default key id 0
This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:44:02 GMT-3