Solved: Re: No valid authentication send key is available on interface NVI0

ddolbel · ‎03-08-2017

Hi All

I'm having issues with this constant message appearing, and i'm stuck trying to find a way to clear it,

001012: Mar 9 08:48:50.655 AEST: %OSPF-4-NOVALIDKEY: No valid authentication send key is available on interface NVI0

I have a cisco 2921 router with a adsl connection with 4g backup, i have a dmvpn configured for remote sites to connect to the router,

attached is a censored version of my config, any assistance would be greatly appreciated

paul driver · ‎03-10-2017

Hello

You have ospf authentication enabled globally all interfaces. but I only see the digest key applied to the only one interface!

Try removing authentication from the OSPF routing stanza and applying specifically to the one interface or apply the digest key to the other ospf interfaces.

router ospf 1
no area 1 authentication message-digest

int x/x
ip ospf message-digest-key 1 md5 xxxx
ip ospf authentication message-digest

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Georg Pauwen · ‎03-08-2017

Hello,

the Nat NVI0 (Nat Virtual Interface) is only used when you use

non-legacy NAt (ip nat enable instead of ip nat inside/outside

on your interface.

Try and admin shut down the interface...

ddolbel · ‎03-09-2017

gpauwen I have checked the router and there is definietely no ip nat enable anywhere in the config, I attached a copy in the original post,

below is all the options i have

DD-PE-RTR01(config)#int ?
  ATM                      ATM interface
  Async                    Async interface
  Auto-Template            Auto-Template interface
  BDI                      Bridge-Domain interface
  BVI                      Bridge-Group Virtual Interface
  CDMA-Ix                  CDMA Ix interface
  CTunnel                  CTunnel interface
  Cellular                 Cellular WAN interface
  Dialer                   Dialer interface
  Embedded-Service-Engine  cisco embedded service engine module
  Ethernet                 IEEE 802.3
  GMPLS                    MPLS interface
  GigabitEthernet          GigabitEthernet IEEE 802.3z
  Group-Async              Async Group interface
  LISP                     Locator/ID Separation Protocol Virtual Interface
  LongReachEthernet        Long-Reach Ethernet interface
  Loopback                 Loopback interface
  Lspvif                   LSP virtual interface
  MFR                      Multilink Frame Relay bundle interface
  Multilink                Multilink-group interface
  Null                     Null interface
  Port-channel             Ethernet Channel of interfaces
  Pseudowire               Pseudowire Interface
  Tunnel                   Tunnel interface
  Vif                      PGM Multicast Host interface
  Virtual-Access           Virtual Access interface
  Virtual-PPP              Virtual PPP interface
  Virtual-Template         Virtual Template interface
  Virtual-TokenRing        Virtual TokenRing
  range                    interface range command
  vmi                      Virtual Multipoint Interface

DD-PE-RTR01(config)#int nvi0
                            ^
% Invalid input detected at '^' marker.

Any other ideas?

Thanks for your time.....

Georg Pauwen · ‎03-09-2017

Hello,

if you do a

show ip int brief

the NVI0 interface is probably already administrativelu shut down.

Try and disable logging for the interface and check if that gets rid of the warnings:

no logging source-interface nvi0

ddolbel · ‎03-09-2017

Hi Again,

interface is up and up below is the output from

sh ip int brief

DD-PE-RTR01#sh ip int brie
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES NVRAM  administratively down down    
GigabitEthernet0/0         10.250.1.17     YES DHCP   up                    up      
GigabitEthernet0/1         10.0.1.1        YES NVRAM  up                    up      
GigabitEthernet0/2         unassigned      YES NVRAM  administratively down down    
ATM0/0/0                   unassigned      YES NVRAM  up                    up      
Ethernet0/0/0              unassigned      YES NVRAM  administratively down down    
ATM0/1/0                   unassigned      YES NVRAM  administratively down down    
GigabitEthernet0/2/0       unassigned      YES NVRAM  administratively down down    
Cellular0/3/0              unassigned      YES unset  down                  down    
Cellular0/3/1              unassigned      YES unset  down                  down    
Dialer0                    <removed> YES IPCP   up                    up      
Dialer1                    unassigned      YES NVRAM  administratively down down    
Loopback0                  10.100.0.1      YES NVRAM  up                    up      
Loopback99                 10.0.99.1       YES NVRAM  up                    up      
NVI0                       10.100.0.1      YES unset  up                    up      
Port-channel1              unassigned      YES unset  administratively down down    
Tunnel0                    10.0.0.1        YES NVRAM  up                    up      
Tunnel7                    10.200.7.1      YES NVRAM  administratively down down    
Tunnel369                  10.200.36.1     YES NVRAM  administratively down down    
Virtual-Access1            unassigned      YES unset  up                    up      
Virtual-Template1          <removed>  YES unset  up                    down

Georg Pauwen · ‎03-09-2017

Hello,

I am not really sure why the interface is up/up. Either way, try to make the NVI0 interface passive (router ospf 1 --> passive interface nvi0), or remove:

network 10.100.0.1 0.0.0.0 area 1

from the ospf process configuration.

ddolbel · ‎03-10-2017

Georg, that wont work, i loose my loopback from my neighbours

Georg Pauwen · ‎03-10-2017

Hello,

what is the purpose of the loopback interface ? If you just need it as source for TACACS and SSH, you could remove it from the OSPF process and advertise it through static routes instead. I don't know of course if that is an option, since I don't know how large your network is, and of how many routers it is comprised...

paul driver · ‎03-11-2017

Check your authentication!!!!!

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

paul driver · ‎03-10-2017

Hello

You have ospf authentication enabled globally all interfaces. but I only see the digest key applied to the only one interface!

Try removing authentication from the OSPF routing stanza and applying specifically to the one interface or apply the digest key to the other ospf interfaces.

router ospf 1
no area 1 authentication message-digest

int x/x
ip ospf message-digest-key 1 md5 xxxx
ip ospf authentication message-digest

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ddolbel · ‎03-12-2017

Hi Paul

That seems to have fixed the issue, i'm no longer getting the messages and all appears to be working ok now will monitor for a day or two.

thank you.

paul driver · ‎03-12-2017

Hello

glad to hear that !

please mark the thread as answered so to assist others in the future

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ddolbel · ‎03-12-2017

Thought I had, all done, thanks again.