Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
912
Views
20
Helpful
11
Replies

OSPF Key Chain

Trent211111
Level 1
Level 1

‎07-14-2022 09:04 AM - edited ‎07-14-2022 09:06 AM

Are there any different requirements or variables when Configuring OSPF Key Chain auth from IOS to Nexus vs IOS to IOS?

I am having issues doing just that on Nexus to IOS. All the configuration options are present on both OS however the authentication/neighbor-ship is not establishing...any thoughts?

Labels:
11 Replies 11

MHM Cisco World
VIP
VIP

‎07-14-2022 09:08 AM

https://community.cisco.com/t5/switching/nx-os-ospf-key-chain-authentication-algorithms/td-p/3186162

 

it is nexus issue it not support HASH so you only have MD5 

check link above

Trent211111
Level 1
Level 1
In response to MHM Cisco World

‎07-14-2022 09:11 AM

hmac-sha-256 is present on both of the switches I want to configure.

0 Helpful

MHM Cisco World
VIP
VIP
In response to Trent211111

‎07-14-2022 09:24 AM

check the link again it seem to me even if the NSK support it platform is not support it.
that what I know.

0 Helpful

Trent211111
Level 1
Level 1
In response to MHM Cisco World

‎07-14-2022 09:53 AM

Those are on Nexus 5/6k , Im on Nexus 9k

0 Helpful

Trent211111
Level 1
Level 1
In response to MHM Cisco World

‎07-14-2022 11:54 AM - edited ‎07-14-2022 11:57 AM

 

That is what I have on each switch and appropriate interface. Obv the date is not correct now but rest assured it is updated to the current time

conf t
key chain OSPF_KEY_CHAIN1
key 1
key-string Test1
cryptographic-algorithm hmac-sha-256
send-lifetime 02:40:00 Jul 11 2022 05:55:00 Jul 11 2022
accept-lifetime 02:40:00 Jul 11 2022 05:55:00 Jul 11 2022
exit
key 2
key-string Test2
cryptographic-algorithm hmac-sha-256
send-lifetime 20:19:00 Jul 10 2022 20:30:00 Jul 10 2022
accept-lifetime 20:18:00 Jul 10 2022 20:31:00 Jul 10 2022
end

conf t
interface gigabitethernet 0/0
ip ospf authentication key-chain OSPF_KEY_CHAIN1
end

0 Helpful

MHM Cisco World
VIP
VIP
In response to Trent211111

‎07-14-2022 12:22 PM

Check workaround if it success then the algorithm is issue with nexus,

Only config key chain with md5 and see result.

0 Helpful

Trent211111
Level 1
Level 1
In response to MHM Cisco World

‎07-14-2022 01:22 PM

Yeah I will give that a try. Ill let you know.

balaji.bandi
Hall of Fame
Hall of Fame

‎07-14-2022 09:09 AM

how is your config look like - as per i know nexus have different support algorithm compare to IOS and IOS XE

 

good to know IOS and nexus version you having issue, along with sample config. (i would also check MTU)

show ip ospf traffic give you what went wrong :

https://community.cisco.com/t5/networking-knowledge-base/understanding-show-ip-ospf-traffic-command/ta-p/3148322

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

paul driver
VIP
VIP

‎07-14-2022 02:31 PM

Hello
Unless it has changed my understanding is key-chain isnt supported for OSPFv2


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card