L’AUTENTICAZIONE md5 sul VIRTUAL LINK richiede
1) Abilitazione md5 su tutte le interfacce nel percorso tra R16 e R18
2) L’abilitazione sul Virtual ABR (R16) à Area 0 Authentication message digest
R16
router ospf 2
router-id 10.1.1.16
log-adjacency-changes
router-id 10.1.1.16
log-adjacency-changes
::::::::::::::::::::::::::::::::::::::::::::: ç ADD area 0 authentication message-digest
area 1 authentication message-digest
area 3 authentication message-digest
area 3 virtual-link 10.1.1.18 message-digest-key 1 md5 cisco
network 1.1.50.0 0.0.0.3 area 1
network 10.1.1.16 0.0.0.0 area 3
network 172.16.13.0 0.0.0.7 area 3
area 1 authentication message-digest
area 3 authentication message-digest
area 3 virtual-link 10.1.1.18 message-digest-key 1 md5 cisco
network 1.1.50.0 0.0.0.3 area 1
network 10.1.1.16 0.0.0.0 area 3
network 172.16.13.0 0.0.0.7 area 3
R18
router ospf 2
router-id 10.1.1.18
log-adjacency-changes
area 0 authentication message-digest
router-id 10.1.1.18
log-adjacency-changes
area 0 authentication message-digest
area 3 authentication message-digest
area 3 virtual-link 10.1.1.16 message-digest-key 1 md5 cisco
redistribute static subnets
network 1.1.60.0 0.0.0.3 area 3
network 10.1.1.18 0.0.0.0 area 0
network 10.10.20.0 0.0.0.7 area 0
area 3 virtual-link 10.1.1.16 message-digest-key 1 md5 cisco
redistribute static subnets
network 1.1.60.0 0.0.0.3 area 3
network 10.1.1.18 0.0.0.0 area 0
network 10.10.20.0 0.0.0.7 area 0
TRA R16 ed R18 c’è un virtual link (tra I due router c’è R17)
La neighbor sul virtual-link non si forma dal debug si trova : MISMATCH Authentication type
mediante il comando SHOW IP OSPF VIRTUAL si capisce il perché à il virtual link e’ UP ma R18 usa MD5 (type2) mentre R16 usa nessuna autenticazione (type 0)
R18#sh ip osp virtual-links
Virtual Link OSPF_VL0 to router 10.1.1.16 is up Run as demand circuit
DoNotAge LSA allowed.
Transit area 3, via interface Ethernet0/1
Topology-MTID Cost Disabled Shutdown Topology Name
0 20 no no Base
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:02
Adjacency State FULL (Hello suppressed)
Index 3/4, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec Message digest authentication enabled ß NON E’ PRESENTE SU R16
Youngest key id is 1
Virtual Link OSPF_VL0 to router 10.1.1.16 is up Run as demand circuit
DoNotAge LSA allowed.
Transit area 3, via interface Ethernet0/1
Topology-MTID Cost Disabled Shutdown Topology Name
0 20 no no Base
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:02
Adjacency State FULL (Hello suppressed)
Index 3/4, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec Message digest authentication enabled ß NON E’ PRESENTE SU R16
Youngest key id is 1
R16#sh ip ospf virtual-links
Virtual Link OSPF_VL0 to router 10.1.1.18 is up Run as demand circuit
DoNotAge LSA allowed.
Transit area 3, via interface Ethernet0/0
Topology-MTID Cost Disabled Shutdown Topology Name
0 20 no no Base
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:05
Adjacency State FULL (Hello suppressed)
Index 1/3, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
Virtual Link OSPF_VL0 to router 10.1.1.18 is up Run as demand circuit
DoNotAge LSA allowed.
Transit area 3, via interface Ethernet0/0
Topology-MTID Cost Disabled Shutdown Topology Name
0 20 no no Base
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:05
Adjacency State FULL (Hello suppressed)
Index 1/3, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
SOLUZIONE:
R16
router ospf 2
area 0 authentication message-digest ß ADD
Nessun commento:
Posta un commento