Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6925
Views
0
Helpful
10
Replies

ospf authentication missmatch problem

Go to solution
ChRiStEw1234
Level 1
Level 1

‎08-26-2012 03:46 AM - edited ‎03-04-2019 05:22 PM

hi all,im doing an ospf lab,ive got it all up an running  and am now trying to add authentication,the lab says use plain text authentication which i believe is type 0.

But when i set up the authentication-key it takes the command but then i get an authentication failed because of a type mismatch even though i never specified a type (type mismatch recieved 0 we use 1),so i go into all interfaces and add the command specifying type 1,all interfaces,all routers but then i get authentication missmatch type 1 we use 0, am i doing somthing wrong ???

thanks chris

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP
In response to ChRiStEw1234

‎08-26-2012 04:17 AM

Yes, the "1" in your command references the key-id (you can have more that one key per interface). You also have to specify your authentication-type ("ip ospf authentication"). The Authentication Type can be specified for the interface and also for the area in the "router ospf" section.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Karsten Iwen
VIP
VIP

‎08-26-2012 03:55 AM

These are the authentication types as of RFC 2328 (OSPF Version 2):

                  AuType       Description
                  ___________________________________________
                  0            Null authentication
                  1            Simple password
                  2            Cryptographic authentication
                  All others   Reserved for assignment by the
                               IANA (iana@ISI.EDU)


                      Table 20: OSPF authentication types.

You are using "0" what is "no authentication". Plain authentication would be "1".

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
ChRiStEw1234
Level 1
Level 1
In response to Karsten Iwen

‎08-26-2012 04:12 AM

hi karston, thanks for your quick reply,i understand the types now but even though on all interfaces i have used the command ip ospf authentication key 1 password  it still says authentication mismatch recieved type 1 we use 0,have i missed a command somewhere???

thanks chris

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to ChRiStEw1234

‎08-26-2012 04:17 AM

Yes, the "1" in your command references the key-id (you can have more that one key per interface). You also have to specify your authentication-type ("ip ospf authentication"). The Authentication Type can be specified for the interface and also for the area in the "router ospf" section.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
ChRiStEw1234
Level 1
Level 1
In response to Karsten Iwen

‎08-26-2012 04:47 AM

hi karsten, thanks for that it now works i added the message digest  at the end of ip ospf authentication

thanks

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to ChRiStEw1234

‎08-26-2012 05:01 AM

Then it could be that it works, but not the way you think it works ...

If you change to message-digest authentication, you also have to change the command "ip ospf authentication-key ..." to "ip ospf message-digest-key ...". If you miss that your ospf will have a compatible configuration on both ends but won't authenticate.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
ChRiStEw1234
Level 1
Level 1
In response to Karsten Iwen

‎08-26-2012 05:30 AM

hi thanks again will have another mess

chris

0 Helpful

Go to solution
ChRiStEw1234
Level 1
Level 1
In response to Karsten Iwen

‎08-26-2012 05:42 AM

hi karsten thanks removed the message digest bit and now works,

thanks chris

0 Helpful

Go to solution
ChRiStEw1234
Level 1
Level 1
In response to ChRiStEw1234

‎08-26-2012 05:48 AM

can i just ask,with the message digest added i was still able to see the routes added to the routing table and all had adjacency is this right??

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to ChRiStEw1234

‎08-26-2012 06:09 AM

Yes, if you have the same config on both sides (authentication set to message-digest but no message-digest-key) then the digest added on one side with "no key" is compatible to the expected authentication wirh "no key" on the other side.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
ChRiStEw1234
Level 1
Level 1
In response to Karsten Iwen

‎08-26-2012 06:20 AM

thanks much appreciated

chris

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card