Two things... 1. You configured a plain-text key on the interface (ip ospf message-digest-key is what you want)
2. You CAN have a NULL key with MD5 authentication. Since you really did NOT put a key on R5, that's what the router is using Look at "show ip ospf interface Serial1" and you'll see that ospf authentication is enabled, but using "key 0" which is the null key. HTH, Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE #153, CISSP, et al. CCSI/JNCI-M/JNCI-J IPexpert VP - Curriculum Development IPexpert Sr. Technical Instructor [EMAIL PROTECTED] http://www.ipexpert.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bradley Lowry Sent: Saturday, March 24, 2007 11:07 AM To: [email protected] Subject: [OSL | CCIE_RS] OSPF authentication R1 and R5 are back to back. Both run c2500-is-l.123-20.bin, which is 12.3(20), with the IP plus veature set. My question is this: If I turn on MD5 authentication for area 0, and configure a key for S1 on R5, as soon as I turn on MD5 authentication on R1, the adjacency comes right up even though R1 doesn't have a key yet. What am I missing? Relevant portions of the config are below. Thanks, Bradley R5: router ospf 100 log-adjacency-changes area 0 authentication message-digest interface Serial1 ip address 192.168.10.5 255.255.255.0 ip ospf authentication-key 1 bob ---------------------------------------------------------------- interface Serial1 ip address 192.168.10.2 255.255.255.0 clock rate 56000 r2(config-router)#area 0 authentication message-digest r2(config-router)# *Mar 1 00:31:29.011: %OSPF-5-ADJCHG: Process 100, Nbr 5.5.5.5 on Serial1 from L OADING to FULL, Loading Done
