Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel

OSPF routers do not form neighbor relationships due to authentication type mismatch

17975
Views
0
Helpful
0
Comments
TCC_2
Advocate
‎06-22-2009 05:32 PM
edited on: ‎03-01-2019 ‎04:10 PM

Core Issue

Before exchanging routing information, routers running Open Shortest Path First (OSPF) form neighbor relationships with other OSPF routers on the same segment. This is done by exchanging hello packets. The hello packets contain various parameters, one of which is related to authentication. This specifies the authentication type and authentication information for the originating interface. Authentication is useful for preventing malicious or incorrect routing information from getting introduced into the routing table. OSPF supports two types of authentication: plain text and Message Digest 5 (MD5).

To become neighbors, OSPF routers attached to a segment must be configured for the same authentication type and the same password. If these parameters do not match, the router (which is configured for authentication) ignores the hello packets received from another router and does not consider it as a neighbor.

If a router receiving the hello packets is not configured for authentication, it accepts the hello packets from the other router with authentication information and considers it as a neighbor.

However, it will not see itself listed in the hello packets received. Therefore, it considers the neighbor as in the Init state and the adjacency establishment will not proceed further.

Resolution

To resolve this issue, perform these steps:

  1. Identify the adjacency state with the neighbor by issuing the show ip ospf neighbor command from privileged EXEC mode.

  2. Find the authentication type configured under an interface by issuing the show ip ospf interface command from privileged EXEC mode.

    If the authentication type does not match between two routers on the same segment, you will see a message similar to this:

    OSPF: Rcv pkt from x.x.x.x, Ethernet1/0 : Mismatch Authentication type. Input packet specified type 2, we use type 1

    This occurs when you issue the debug ip ospf adj command from privileged EXEC mode.

    This message indicates this information:

    • Type 0 indicates that no authentication is enabled.
    • Type 1 is for plain text authentication to be enabled.
    • Type 2 means that MD5 authentication is enabled.

  3. Make sure that all the routers connected to the same segment use the same authentication type. This is done by issuing the area authentication command in router configuration mode or the ip ospf authentication command in interface configuration mode.

    The area authentication command configures all the interfaces under a particular area to use the specified authentication type.

    The ip ospf authentication command can be used to individually configure the authentication type for an interface or override the type configured under an interface with thearea authentication command.

For more information, refer to these documents:


0 Helpful
Latest Contents
How to view past 5 days logs on cisco router using show logg...
Created by ahad311 on 07-01-2022 07:00 AM
1
0
1
0
Hello all, I'm trying to view logs for past 5 days on cisco router. When I use "show logging" it seems to only show logs for one day. How can I see the logs for pas few days? Thank You 
problem
Created by panarania3 on 07-01-2022 05:10 AM
5
0
5
0
hello everyone , I hope you are all well I connected kalilinux to eve_Ng but no commands work what is solution for that ?thanks for answering 
Any nexus labs books?
Created by hfakoor222 on 07-01-2022 04:55 AM
1
0
1
0
Are there any labs for nexus switches , i.e books I could purchase to lab up some nexus topologies? So far I've found a class I may enroll in which comes dirt cheap for what it offers, but I have not been able to find much for NX-OS labbing.  Wo... view more
STP over Layer 2 MPLS
Created by ronit on 07-01-2022 04:44 AM
0
0
0
0
I am planning to deploy a spanning tree loop between 2 of my Layer 2 MPLS routers and am looking at the "l2protocol forward" combined with "xconnect" to do so. However, I have some questions about how this works       1. So I already have ... view more
CBS 350 Cross Stack EtherChannel?
Created by HA CR on 07-01-2022 02:13 AM
4
0
4
0
Hi, I was wondering if the CBS350 series of switches supported Cross Stack Ether Channels? Does it make a difference to what stack mode you are in,  Hybrid or Native? Many Thanks, CR
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad