I waited for an expert to answer, but none did. But sometimes seeing that I'm intrigued (and/or confused), smokes them out of their holes. ;-)
It doesn't make sense that turning on MD5 authentication with OSPF would cause the demand-circuit to stay up. MD5 doesn't send the key over the wire. It's configured into each router and used to generate a message digest that is appended to packets, but it doesn't cause extra packets. Also if the routers agree that this is a demand circuit, you shouldn't have to filter the Hellos to 224.0.0.5, and doing so shouldn't cause the routers to declare each other dead. Something funny is happening there. I do see that Doyle and other references say to implement demand circuits only within stub, totally stubby, or NSSA areas. You mentioned that you're doing it in Area 0. I wonder if that's a problem. Could you send us your configs? Since it's a lab network, perhaps you could let us see the MD5 keys. (That is, don't configure service password-encryption. That way we can see the keys in your configs and maybe notice any problem with them.) Thanks. Priscilla At 12:23 PM 1/31/02, Richard Newman wrote: >Hi all. >I was working on a lab with an ISDN link between two of my OSPF routers. The >link would come up if the Frame cloud went away. Normal stuff link would be >initiated as usual. However, since area 0 had authentication turned on >broadcasts from 224.0.0.5 kept the isdn link up all the time. If I filtered >out the 224.0.0.5 from being interesting the ospf neighbors would get >terminated at the dead interval. When I turn off authen. from area 0 all >worked as normal. > >Is this a normal occurrance? When area authentication is turned on do the >key exchanges still happen even over a demand-circuit? > >Thanks... >Richard Newman ________________________ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33987&t=33884 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]