Been a few weeks since I did that lab so I mocked up the same idea on a
different topology to make sure it worked as I remembered and it worked for
me:
R1:
R1#show run | s router ospf
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
area 0 authentication message-digest
network 0.0.0.0 255.255.255.255 area 0
R1#show run int fa0/0
Building configuration...
Current configuration : 177 bytes
!
interface FastEthernet0/0
ip address 10.1.124.1 255.255.255.0
ip ospf message-digest-key 1 md5 IPExpert
ip ospf message-digest-key 2 md5 CCIE
duplex auto
speed auto
end
R1#show ip ospf nei
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/DROTHER 00:00:34 10.1.124.2
FastEthernet0/0
4.4.4.4 1 FULL/DR 00:00:37 10.1.124.4
FastEthernet0/0
R1#show ip ospf int fa0/0 | b auth
Message digest authentication enabled
Youngest key id is 2
Rollover in progress, 1 neighbor(s) using the old key(s):
key id 1
R2:
R2#sh run | s router ospf
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
area 0 authentication message-digest
network 0.0.0.0 255.255.255.255 area 0
R2#sh run int fa0/0
Building configuration...
Current configuration : 138 bytes
!
interface FastEthernet0/0
ip address 10.1.124.2 255.255.255.0
ip ospf message-digest-key 1 md5 IPExpert
duplex auto
speed auto
end
R2#show ip ospf ne
Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 FULL/BDR 00:00:39 10.1.124.1
FastEthernet0/0
R2#show ip ospf int | b auth
Message digest authentication enabled
Youngest key id is 1
R4:
R4#show run | s router ospf
router ospf 1
router-id 4.4.4.4
log-adjacency-changes
area 0 authentication message-digest
network 0.0.0.0 255.255.255.255 area 0
R4#show run int fa0/0
Building configuration...
Current configuration : 134 bytes
!
interface FastEthernet0/0
ip address 10.1.124.4 255.255.255.0
ip ospf message-digest-key 2 md5 CCIE
duplex auto
speed auto
end
R4#sh ip ospf ne
Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 FULL/BDR 00:00:30 10.1.124.1
FastEthernet0/0
R4#sh ip ospf int | b auth
Message digest authentication enabled
Youngest key id is 2
The key is that the hub router sees that one neighbor is in "rollover" and
is using an old key. But R2 (in your topology) *should* have a different
key value for the "Youngest" key, since the latest key number assigned is
higher on R2 than R5.
Did you get OSPF up between all neighbors before applying the
authentication? Verify basic function before adding features.
Did you try 'debug ip ospf adj' to see why you're not getting an adjacency?
Did you try 'clear ip ospf proc'?
On Wed, Feb 22, 2012 at 4:52 AM, khaled al-ajeman <[email protected]
> wrote:
> Would you please guys help me with this problem althought I have done my
> configuration correctly. By the way there is neighborhood relationship
> between R2 AND R6,
> but there is no relationship between R2 AND R5.
>
>
>
> R 2
>
> Transmit Delay is 1 sec, State DR, Priority 1
> Designated Router (ID) 224.0.0.0, Interface address 150.100.100.2
> No backup designated router on this network
> Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
> oob-resync timeout 120
> Hello due in 00:00:20
> Supports Link-local Signaling (LLS)
> Cisco NSF helper support enabled
> IETF NSF helper support enabled
> Index 1/4, flood queue length 0
> Next 0x0(0)/0x0(0)
> Last flood scan length is 1, maximum is 31
> Last flood scan time is 0 msec, maximum is 12 msec
> Neighbor Count is 1, Adjacent neighbor count is 1
> Adjacent with neighbor 200.0.0.6
> Suppress hello for 0 neighbor(s)
> Message digest authentication enabled
> Youngest key id is 2
> ---------------------------------------> KEY ID is different than R5, WHY?
>
> R5
>
> R5(config-router)#do sh ip os int s0/0.56
> Serial0/0.56 is up, line protocol is up
> Internet Address 150.100.100.5/24, Area 0
> Process ID 1, Router ID 200.0.0.5, Network Type NON_BROADCAST, Cost: 1562
> Transmit Delay is 1 sec, State DROTHER, Priority 0
> No designated router on this network
> No backup designated router on this network
> Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
> oob-resync timeout 120
> Hello due in 00:00:18
> Supports Link-local Signaling (LLS)
> Cisco NSF helper support enabled
> IETF NSF helper support enabled
> Index 2/3, flood queue length 0
> Next 0x0(0)/0x0(0)
> Last flood scan length is 0, maximum is 28
> Last flood scan time is 0 msec, maximum is 8 msec
> Neighbor Count is 0, Adjacent neighbor count is 0
> Suppress hello for 0 neighbor(s)
> Message digest authentication enabled
> Youngest key id is 1
> ---------------------- KEY ID IS DIFFERENT ?
>
> R2
>
> interface Serial0/0.256 multipoint
> bandwidth 64
> ip address 150.100.100.2 255.255.255.0
> ip ospf message-digest-key 1 md5 IPexpert ------> I have to have two
> keys one going to R5 AND one going heading to R6 with different keys and
> passwords
> ip ospf message-digest-key 2 md5 CCIE
> delay 2000
> snmp trap link-status
> frame-relay map ip 150.100.100.5 205 broadcast
> frame-relay map ip 150.100.100.6 206 broadcast
> frame-relay map ip 150.100.100.2 206
>
>
> R2(config-subif)#do sh ip os nei
>
> Neighbor ID Pri State Dead Time Address Interface
> N/A 0 ATTEMPT/DROTHER - 150.100.100.5
> Serial0/0.256
> 200.0.0.6 0 FULL/DROTHER 00:01:46 150.100.100.6
> Serial0/0.256
> 200.0.0.4 0 FULL/ - 00:00:37 150.100.24.4
> Serial0/0.24
> 200.0.0.5 0 FULL/ - 00:00:33 150.100.25.5 Serial0/2
> 200.0.0.1 1 FULL/DR 00:00:37 150.100.12.1
> FastEthernet0/1
> R2(config-subif)#
>
> R5
>
> interface Serial0/0.56 multipoint
> bandwidth 64
> ip address 150.100.100.5 255.255.255.0
> ip ospf message-digest-key 1 md5 IPexpert
> ip ospf priority 0
> delay 2000
> snmp trap link-status
> frame-relay map ip 150.100.100.5 502
> frame-relay map ip 150.100.100.6 502
> frame-relay map ip 150.100.100.2 502 broadcast
> end
> THANKS,
>
> KHALED
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>
> http://onlinestudylist.com/mailman/listinfo/ccie_rs
>
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
http://onlinestudylist.com/mailman/listinfo/ccie_rs
