01-21-2008 12:50 AM - edited 03-03-2019 08:20 PM
To enable OSPF MD5 authentication, is it necessary to run it under all interfaces of a router?
If I don't enable it under an interface (and enable it under the router process and the rest of the interfaces), will that interface's network not be advertised to the rest of the network? E.g., if a LAN switch is connected to an interface on which users are connected and I don't enable authn on that typical interface, then ??
01-21-2008 01:03 AM
It's not mandatory that all interfaces run authentication even if you have configured it under the OSPF process, but it's mandatory that it be configured on all neighbors reached through that interface, otherwise the adjacency will not be formed.
arun
01-21-2008 01:04 AM
Hi,
Here is an example "Sample Configuration for Authentication in OSPF" http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094069.shtml
If I understand your question well, the answer is: "The network will be advertised; the method for not advertising the network is by route map... that is, a selection of routes that must be advertised".
I hope this helps.
Best regards.
Massimiliano.
01-21-2008 01:07 AM
hi,
The authentication type must be the same for all routers and access servers in an area. The authentication password for all OSPF routers on a network must be the same if they are to communicate with each other via OSPF. Use the ip ospf authentication-key interface command to specify this password.
If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message-digest-key interface command.
To remove the authentication specification for an area, use the no form of this command with the authentication keyword.
You typically enable authentication for an area, not for a specific interface. The authentication affects the communication between the routers of the authenticated area, not between the users and switches.
HTH,
regards,
shri :)
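An added example, not part of the original posts or of Cisco's documentation: a small Python audit of an IOS-style configuration that works out each OSPF interface's effective authentication (the area setting under the OSPF process, overridden by any interface-level `ip ospf authentication` line) and flags interfaces that are unauthenticated or lack a message-digest key. The sample config, the name `audit_ospf_auth`, and the single-process layout with `ip ospf <pid> area <id>` on each interface are assumptions made for the example.

```python
import re

# Constructed sample config (not from the thread). Assumes one OSPF process
# and interfaces placed in areas with "ip ospf <pid> area <id>".
SAMPLE_CONFIG = """\
router ospf 1
 area 0 authentication message-digest
!
interface GigabitEthernet0/0
 ip ospf 1 area 0
 ip ospf message-digest-key 1 md5 ExampleKey
!
interface GigabitEthernet0/1
 ip ospf 1 area 0
!
interface GigabitEthernet0/2
 ip ospf 1 area 0
 ip ospf authentication null
"""

def audit_ospf_auth(config):
    """Return {interface: (effective_auth, finding)} for OSPF-enabled interfaces."""
    area_auth, ifaces, cur = {}, {}, None
    for line in config.splitlines():
        s = line.strip()
        if not line.startswith(" "):          # a top-level line opens a new stanza
            m = re.match(r"interface (\S+)", s)
            cur = ifaces.setdefault(m.group(1), {"area": None, "auth": None, "key": False}) if m else None
        elif m := re.match(r"area (\S+) authentication ?(message-digest)?$", s):
            area_auth[m.group(1)] = m.group(2) or "simple"
        elif cur is not None:
            if m := re.match(r"ip ospf \d+ area (\S+)", s):
                cur["area"] = m.group(1)
            elif m := re.match(r"ip ospf authentication ?(message-digest|null)?$", s):
                cur["auth"] = m.group(1) or "simple"   # interface setting overrides the area
            elif s.startswith("ip ospf message-digest-key "):
                cur["key"] = True
    report = {}
    for name, i in ifaces.items():
        auth = i["auth"] or area_auth.get(i["area"], "null")
        finding = ("unauthenticated" if auth == "null" else
                   "no message-digest-key" if auth == "message-digest" and not i["key"] else "ok")
        if i["area"] is not None:              # skip interfaces that are not in OSPF
            report[name] = (auth, finding)
    return report

if __name__ == "__main__":
    for name, result in audit_ospf_auth(SAMPLE_CONFIG).items():
        print(name, *result)
```

The audit does not model `passive-interface`, the usual setting for a user-facing LAN segment: no hellos are exchanged there, yet the connected network is still advertised.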
03-21-2018 09:35 AM
03-21-2018 10:01 AM
Hello,
do you have area or interface authentication configured? In case of the latter, post the output of 'show ospf x interface y'...
03-21-2018 10:32 AM
03-21-2018 12:11 PM
Hello,
post the full configs of both sides. You might just have misconfigured some small detail...
03-21-2018 01:57 PM
03-21-2018 02:31 PM
Hello,
at first glance, it appears that the IP address of Bundle-Ether3 is incorrect:
Bundle-Ether3 is up, line protocol is up
Internet Address 10.1.27.18/30, Area 0 --> this should be 14
to correspond with:
interface Port-channel2
 mtu 9216
 ip address 10.1.27.13 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 0142575752545F1E084B0A49362437
 ip ospf network point-to-point
 ip ospf mtu-ignore
 logging event link-status
 load-interval 30
 mpls ip
 bfd interval 200 min_rx 200 multiplier 3
 no bfd echo
03-21-2018 02:50 PM
Hi, sorry, I forgot to mention: right now only BE 1 and Port-Channel 1 are involved in the OSPF process.
Regards
03-21-2018 03:03 PM
Hello,
for XE you posted the output for Port-channel2, we need to see the output for 1, similar to what you posted before:
Port-channel2 is up, line protocol is up
Internet Address 10.1.27.13/30, Area 0, Attached via Network Statement
Process ID 10110, Router ID 10.1.20.150, Network Type POINT_TO_POINT, Cost: 10
Topology-MTID Cost Disabled Shutdown Topology Name
03-21-2018 03:08 PM
03-21-2018 03:46 PM
Hello,
thanks for the output. I will do some testing and get back with you...
To be on the safe side, and to check for possible bugs, post the output of 'sh ver' of both devices...
03-21-2018 04:20 PM
Sorry, I forgot to mention one point: I have OSPF up between two IOS XR and also two IOS XE; by now the OSPF between the IOS XE is disabled.
OSPF between IOS XR and IOS XE is not coming up; see below the version and OSPF status:
sh version
Wed Mar 21 17:08:29.310 UTC
Cisco IOS XR Software, Version 6.1.4[Default]
Copyright (c) 2017 by Cisco Systems, Inc.
ROM: System Bootstrap, Version 10.58(c) 1994-2014 by Cisco Systems, Inc.
STA2-CA9K10-T1 uptime is 1 week, 5 days, 7 hours, 26 minutes
System image file is "disk0:asr9k-os-mbi-6.1.4/0x100305/mbiasr9k-rsp3.vm"
cisco ASR9K Series (Intel 686 F6M14S4) processor with 16777216K bytes of memory.
Intel 686 F6M14S4 processor at 1904MHz, Revision 2.174
ASR 9010 8 Line Card Slot Chassis with V2 DC PEM
4 Management Ethernet
2 FastEthernet
40 GigabitEthernet
16 TenGigE
16 DWDM controller(s)
16 WANPHY controller(s)
375k bytes of non-volatile configuration memory.
6220M bytes of hard disk.
25012208k bytes of disk0: (Sector size 512 bytes).
25012208k bytes of disk1: (Sector size 512 bytes).
Configuration register on node 0/RSP0/CPU0 is 0x2102
Boot device on node 0/RSP0/CPU0 is disk0:
Package active on node 0/RSP0/CPU0:
iosxr-service, V 6.1.4[Default], Cisco Systems, at disk0:iosxr-service-6.1.4
Built on Fri Jun 30 00:53:43 UTC 2017
By iox-lnx-005 in /auto/srcarchive13/production/6.1.4/asr9k-px/workspace for pie
asr9k-service-supp, V 6.1.4[Default], Cisco Systems, at disk0:asr9k-service-supp-6.1.4
Built on Fri Jun 30 00:53:43 UTC 2017
By iox-lnx-005 in /auto/srcarchive13/production/6.1.4/asr9k-px/workspace for pie
asr9k-services-px, V 6.1.4[Default], Cisco Systems, at disk0:asr9k-services-px-6.1.4
Built on Fri Jun 30 00:53:47 UTC 2017
By iox-lnx-005 in /auto/srcarchive13/production/6.1.4/asr9k-px/workspace for pie
iosxr-mgbl, V 6.1.4[Default], Cisco Systems, at disk0:iosxr-mgbl-6.1.4
Built on Fri Jun 30 00:38:30 UTC 2017
By iox-lnx-005 in /auto/srcarchive13/production/6.1.4/asr9k-px/workspace for pie
Wed Mar 21 17:08:40.031 UTC
* Indicates MADJ interface
# Indicates Neighbor awaiting BFD session up
Neighbors for OSPF 30100
Neighbor ID Pri State Dead Time Address Interface
10.21.10.1 1 FULL/ - 00:00:33 10.21.7.6 Bundle-Ether4
Neighbor is up for 1d00h
Total neighbor count: 1
**********************************************************
IOS XE:
Cisco IOS XE Software, Version 03.18.03.SP.156-2.SP3-ext
Cisco IOS Software, ASR920 Software (PPC_LINUX_IOSD-UNIVERSALK9_NPE-M), Version 15.6(2)SP3, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Tue 19-Sep-17 22:12 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2017 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
10.21.0.1 0 INIT/ - 00:00:37 10.21.7.9 Port-channel1