Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

OSPF neighbor formed but OSPF authentication configs not correct!

I have a remote router TK and a local router W1. They've formed OSPF neighbor in Area 40, over a T3.

under process 4. But when I checked the config, I found,

1. local router configured with OSPF authentication correctly.

2. Remote router configured with OSPF authentication only on the interface, but not under the area 40

How so??

thanks,

tk#sh ip os 4

Routing Process "ospf 4" with ID 172.16.241.1

....

tk#sh ip os nei

Neighbor ID     Pri   State           Dead Time   Address         Interface

1xx.1xx.252.200   1   FULL/BDR        00:00:30    1xx.1xx.252.194 GigabitEthernet0/2/0

1xx.1xx.252.201   1   FULL/BDR        00:00:36    1xx.1xx.252.198 GigabitEthernet0/1/0

172.16.240.211    0   FULL/  -        00:00:31    172.16.76.5     Serial2/0

172.16.240.210    0   FULL/  -        00:00:32    172.16.76.1     Serial1/0

...

The last one is the neighbor in question.

tk#sh run | b r o

router ospf 4

log-adjacency-changes

auto-cost reference-bandwidth 10000

redistribute static subnets

passive-interface GigabitEthernet0/0

passive-interface GigabitEthernet0/1

passive-interface Vlan10

network 1xx.1xx.252.96 0.0.0.15 area 40

network 1xx.1xx.252.192 0.0.0.3 area 40

network 1xx.1xx.252.196 0.0.0.3 area 40

network 1xx.1xx.252.224 0.0.0.15 area 40

network 172.16.76.0 0.0.0.3 area 40

network 172.16.76.4 0.0.0.3 area 40

network 172.16.241.1 0.0.0.0 area 40

!

tk#sh run int s1/0

Building configuration...

Current configuration : 297 bytes

!

interface Serial1/0

description Level 3 DS3 - B2154

ip address 172.16.76.2 255.255.255.252

ip ospf authentication message-digest

ip ospf message-digest-key 4 md5 7 15973F03017E720D716218211D054F532E

dsu bandwidth 44210

end

tk#

=======below is from local router

w1#sh ip os 4

Routing Process "ospf 4" with ID 172.16.240.210

router ospf 4

log-adjacency-changes

auto-cost reference-bandwidth 10000

area 0 authentication message-digest

area 40 authentication message-digest

redistribute static subnets route-map NTSB_into_OSPF

redistribute bgp 65000 metric 500 metric-type 1 subnets route-map bgp-forwarded-routes

passive-interface default

no passive-interface Vlan609

no passive-interface Serial1/0/0

no passive-interface Serial1/0/1

no passive-interface Serial1/1/1

no passive-interface Serial2/0/0

no passive-interface Serial4/1/2:0

no passive-interface Serial4/1/4:0

no passive-interface TenGigabitEthernet9/1

no passive-interface TenGigabitEthernet9/2

no passive-interface TenGigabitEthernet9/4

no passive-interface GigabitEthernet10/1

no passive-interface GigabitEthernet10/2

no passive-interface Multilink1

network 1xx.1xx.202.92 0.0.0.3 area 101

network 152.120.255.240 0.0.0.0 area 0

network 152.120.255.242 0.0.0.0 area 0

network 172.16.32.80 0.0.0.15 area 0

network 172.16.32.208 0.0.0.15 area 0

network 172.16.55.144 0.0.0.15 area 0

network 172.16.55.241 0.0.0.0 area 0

network 172.16.60.144 0.0.0.15 area 0

network 172.16.62.0 0.0.0.3 area 0

network 172.16.64.128 0.0.0.3 area 102

network 172.16.67.64 0.0.0.3 area 40

network 172.16.67.68 0.0.0.3 area 40

network 172.16.68.4 0.0.0.3 area 109

network 172.16.68.8 0.0.0.3 area 40

network 172.16.68.12 0.0.0.3 area 101

network 172.16.68.16 0.0.0.7 area 40

network 172.16.68.24 0.0.0.3 area 102

network 172.16.68.120 0.0.0.7 area 40

network 172.16.68.136 0.0.0.7 area 0

network 172.16.76.0 0.0.0.3 area 40

network 172.16.240.210 0.0.0.0 area 0

W1#sh run int s1/1/1

interface Serial1/1/1

description T3 to Tk

ip address 172.16.76.1 255.255.255.252

ip flow ingress

ip pim sparse-mode

ip ospf authentication message-digest

ip ospf message-digest-key 4 md5 7 15973F03017E720D716218211D054F532E

dsu bandwidth 44210

framing c-bit

cablelength 10

end

W1#sh ip os nei

172.16.241.1      0   FULL/  -        00:00:34    172.16.76.2     Serial1/1/1

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

OSPF neighbor formed but OSPF authentication configs not correct

Hi,

There is nothing wrong with your configuration. OSPF authentication can be configured either on a per-interface basis or on a per-area basis. If both per-area and per-interface authentication configuration exists, the per-interface configuration is preferred (i.e. the per-interface authentication configuration overrides the per-area config).

In your case, the net effect is that both interconnected interfaces are using the same OSPF authentication mode and the same key, and thus the adjacency forms.

Best regards,

Peter

1 REPLY
Cisco Employee

OSPF neighbor formed but OSPF authentication configs not correct

Hi,

There is nothing wrong with your configuration. OSPF authentication can be configured either on a per-interface basis or on a per-area basis. If both per-area and per-interface authentication configuration exists, the per-interface configuration is preferred (i.e. the per-interface authentication configuration overrides the per-area config).

In your case, the net effect is that both interconnected interfaces are using the same OSPF authentication mode and the same key, and thus the adjacency forms.

Best regards,

Peter

211
Views
0
Helpful
1
Replies
CreatePlease to create content