Mismatched OSPF auth passwords do not fail adjacency??
I am labbing in GNS3, configuring two serial ports for authentication.
Here are the relevant parts of the config:
R7#
interface Serial0/1
ip address 10.78.1.7 255.255.255.0
ip ospf authentication message-digest
ip ospf authentication-key psswd
R8#
interface Serial0/0
ip address 10.78.1.8 255.255.255.0
ip ospf authentication message-digest
ip ospf authentication-key wrongpw
R7#sho ip ospf nei
Neighbor ID Pri State Dead Time Address Interface
6.6.6.6 0 FULL/ - - 10.67.1.6 OSPF_VL0
6.6.6.6 0 FULL/ - 00:00:37 10.67.1.6 Serial0/0
8.8.8.8 0 FULL/ - 00:00:37 10.78.1.8 Serial0/1
R7#sho ip ospf int s0/1
Serial0/1 is up, line protocol is up
Internet Address 10.78.1.7/24, Area 78
Process ID 1, Router ID 7.7.7.7, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:05
Supports Link-local Signaling (LLS)
Index 1/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 2, maximum is 5
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 8.8.8.8
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
No key configured, using default key id 0
Am I missing something here? I changed the password to see what kind of debug messages I would get, but the adjacency did not fail. I then cleared the OSPF process on both routers, and it recovered. Any ideas?
Thanks,
Russ
Currently working on: CCNA:Security
Up next: CCNA:Voice
Comments
-
SharkDiver Member Posts: 844
I think the "ip ospf authentication-key XXXXX" command sets the plaintext password.
You need the "ip ospf message-digest-key 1 md5 XXXXX" command
-
pogue Member Posts: 213
Gotcha.. That was it..
I guess I jumped ahead in my thinking to the MD5 configuration before I actually got to that part of the chapter.
Russ
Currently working on: CCNA:Security
Up next: CCNA:Voice
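A check for the misconfiguration this thread turned out to be about, as an added example that is not part of the original posts: it scans interface stanzas for message-digest authentication enabled without a message-digest-key, the state in which the router reports "No key configured, using default key id 0". The function name `audit_ospf_auth`, the Serial0/2 stanza and the key `s3cret` are constructed for illustration; the input is assumed to be indented `show running-config` text, and only interface-level commands are checked.

```python
import re

# Constructed sample: R7's Serial0/1 stanza from the post, plus a correctly
# keyed interface (hypothetical Serial0/2, key "s3cret") for contrast.
SAMPLE_CONFIG = """\
hostname R7
interface Serial0/1
 ip address 10.78.1.7 255.255.255.0
 ip ospf authentication message-digest
 ip ospf authentication-key psswd
!
interface Serial0/2
 ip address 10.79.1.7 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 s3cret
"""

def audit_ospf_auth(config: str) -> dict:
    """Return {interface: [findings]} for OSPF auth mode/key mismatches."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())  # sub-command of the open stanza
        else:
            current = None  # "!" or a global command ends the stanza
    findings = {}
    for name, lines in stanzas.items():
        md5_mode = "ip ospf authentication message-digest" in lines
        has_md5_key = any(l.startswith("ip ospf message-digest-key ") for l in lines)
        has_simple_key = any(l.startswith("ip ospf authentication-key ") for l in lines)
        issues = []
        if md5_mode and not has_md5_key:
            issues.append("message-digest enabled but no message-digest-key: default key id 0 is used")
        if md5_mode and has_simple_key:
            issues.append("authentication-key sets the plaintext password, not the MD5 key")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for intf, issues in audit_ospf_auth(SAMPLE_CONFIG).items():
        for issue in issues:
            print(f"{intf}: {issue}")
```

Run against both routers' configs, this flags the link where the two sides would form an adjacency regardless of what was typed as the password.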