the books say you can either set up authentication per area, or per interface with ospf... i beg to differ... perhaps it's older code, not sure, either way it's a pain in the ass...
r1#debug ip ospf packet
OSPF packet debugging is on
r1#
*Nov 5 17:15:51.342: OSPF-1 PAK : rcv. v:2 t:1 l:48 rid:10.1.40.1 aid:0.0.0.0 chk:3542 aut:0 auk: from FastEthernet0/0
debugging the packets is a good way to check if the authentication is working, note above our authorization code is 0 (aut:0)
place authentication on the neighbors using plain text...
r1(config)#int f0/0
r1(config-if)#ip ospf authentication-key cisco
r1(config-if)#ip ospf authentication-key cisco
r2(config-if)#
no help with that shit...
r1#
*Nov 5 17:21:42.042: OSPF-1 PAK : rcv. v:2 t:1 l:48 rid:10.1.40.1 aid:0.0.0.0 chk:3542 aut:0 auk: from FastEthernet0/0
now turn it on for the area on each router...
r2(config-if)#router ospf 1
r2(config-router)#area 0 authentication
r2(config-router)#area 0 authentication
*Nov 5 17:26:20.030: OSPF-1 PAK : rcv. v:2 t:1 l:48 rid:10.1.40.1 aid:0.0.0.0 chk:3541 aut:1 auk: from FastEthernet0/0
now it works... same for md5... arghh...
r1#sh ip ospf int f0/0
FastEthernet0/0 is up, line protocol is up
Internet Address 192.168.1.1/24, Area 0, Attached via Network Statement
Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 10.1.40.1, Interface address 192.168.1.2
Backup Designated router (ID) 1.1.1.1, Interface address 192.168.1.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:02
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 10.1.40.1 (Designated Router)
Suppress hello for 0 neighbor(s)
Simple password authentication enabled
turn area authentication back off...
r1#sh ip ospf inte f0/0
FastEthernet0/0 is up, line protocol is up
Internet Address 192.168.1.1/24, Area 0, Attached via Network Statement
Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 10.1.40.1, Interface address 192.168.1.2
Backup Designated router (ID) 1.1.1.1, Interface address 192.168.1.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:01
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 10.1.40.1 (Designated Router)
Suppress hello for 0 neighbor(s)
all gone, but look at f0/0...
r1#sh run int f0/0
Building configuration...
Current configuration : 151 bytes
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip ospf authentication-key cisco
speed auto
duplex auto
end
whoops... i love expected behaviors that are unexpected...
No comments:
Post a Comment