Cisco® OSPF Command and Configuration Handbook (CCIE Professional Development)

By William R. Parkhurst Ph.D.
Publisher: Cisco Press
Pub Date: April 19, 2002
ISBN: 1-58705-071-4
Pages: 528
Slots: 2

As one of the most predominantly deployed Interior Gateway Protocols, Open Shortest Path First (OSPF) demands a wealth of knowledge on the part of internetworking professionals working with it on a daily basis. Unfortunately, publicly available documentation on the OSPF command set varies from being too thin on coverage to being too demanding on the required equipment needed to test what the documentation covers.

Cisco OSPF Command and Configuration Handbook is a clear, concise, and complete source of documentation for all Cisco IOS Software OSPF commands. The way you use this book will depend on your objectives. If you are preparing for the CCIE written and lab exams, then this book can be used as a laboratory guide to learn the purpose and proper use of every OSPF command. If you are a network designer, then this book can be used as a ready reference for any OSPF command.

Cisco OSPF Command and Configuration Handbook provides example scenarios that demonstrate the proper use of every OSPF command that can be implemented on a minimum number of routers. This will enable you to learn each command without requiring an extensive and expensive lab configuration. The scenarios clearly present the purpose and use of each command. Some of the examples lead you into common non-working situations in order to reinforce the understanding of the operation of the particular OSPF command.

This book is part of the Cisco CCIE Professional Development Series, which offers expert-level instruction on network design, deployment, and support methodologies to help networking professionals manage complex networks and prepare for CCIE exams.
Copyright

Copyright © 2002 Cisco Systems, Inc.

Published by:
Cisco Press
201 West 103rd Street
Indianapolis, IN 46290 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America 1234567890

First Printing April 2002

Library of Congress Cataloging

Warning and Disclaimer

This book is designed to provide information about Cisco IOS Software OSPF commands. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.

The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc., shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.

Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.

Credits

Publisher: John Wait
Editor-in-Chief: John Kane
Cisco Systems Program Manager: Michael Hakkert
Managing Editor: Patrick Kanouse
Development Editor: Christopher Cleveland
Project Editor: Marc Fowler
Copy Editor: Doug Lioys
Technical Editors: Mike Bass, Brian Morgan, Bill Wagner, Robert White
Team Coordinator: Tammi Ross
Book Designer: Gina Rexrode
Cover Designer: Louisa Klucznik
Production Team: Argosy
Indexer: Tim Wright
Dedications

To my family and friends. In the final analysis, what else is there?

About the Author

William R. Parkhurst, Ph.D., CCIE #2969, is a program manager with the CCIE group at Cisco Systems. Bill is responsible for the CCIE Communications and Services exams. Prior to joining the CCIE team, Bill was a Consulting Systems Engineer supporting Sprint. Bill first became associated with Cisco Systems while he was a Professor of Electrical and Computer Engineering at Wichita State University (WSU). In conjunction with Cisco Systems, WSU established the first CCIE Preparation Laboratory.

About the Technical Reviewers

Mike Bass has worked for 2 years in computer networking, the last 17 years at Sprint. Mike's networking experience began with minicomputer and mainframe networks and now consists of planning and design for distributed and peer-to-peer systems supporting voice, video, and data services. Mike is currently responsible for the introduction of new networking technologies to support Sprint internal associates.

Brian Morgan, CCIE #4865, CCSI, is the Director of Data Network Engineering at Allegiance Telecom, Inc. He's been in the networking industry for over 12 years.
Prior to going to Allegiance, Brian was an instructor/consultant teaching ICND, BSCN, BSCI, CATM, CVOICE, and BCRAN. Brian is a co-author of the Cisco Press Remote Access Exam Certification Guide and technical editor of numerous other Cisco Press titles.

Bill Wagner works as a Cisco Certified System Instructor for Mentor Technologies. He has 23 years of computer programming and data communications experience. He has worked for corporations and companies such as Independent Computer Consultants, Numerax, McGraw-Hill/Numerax, and Standard and Poor. His teaching experience started with the Chubb Institute, Protocol Interface Inc, Geotrain, Mentor Technologies. He is currently teaching at Skyline Computers Corporation.

Robert L. White is an IP Network Design Engineer with Sprint's Long Distance Division internal data network. Robert's design expertise focuses on routing protocols, external gateway connectivity, and IP address administration on a large multiprotocol network.

Acknowledgments

I would like to acknowledge the super effort of all those involved with the development of this handbook. The reviewers of this book, Mike Bass, Brian Morgan, Bill Wagner, and Robert White, not only found the errors in the book but also contributed suggestions on how to improve the content and clarity of this handbook. Their efforts are greatly appreciated. I would also like to thank John Kane and Chris Cleveland of Cisco Press for their guidance and help in bringing this project to a successful completion. Finally, I want to thank my wife, Debbie, for her encouragement and support during the many evenings and weekends while I was spending more time with routers than with her. She was also the initial reviewer of this book and found misspellings, grammatical errors, and things that just didn't make sense. Once again she made a
Introduction

I have been involved with the world of networking from many directions. My experiences in education, network consulting, service provider support, and certification have shown me that there is a common thread that frustrates people in all of these arenas. That common thread is documentation. There are many factors that cause documentation to be frustrating, but the most common are amount, clarity, and completeness. The amount of documentation available, especially in regards to OSPF, can be overwhelming. For a person who is beginning to learn OSPF, the question is, "Where do I begin?" There are very good books, RFCs, white papers, and command references available, but it is difficult to know where to start. The clarity of documentation depends on your personal situation. For a seasoned OSPF designer, the documentation may be clear and concise. To an individual preparing for a professional certification such as the CCIE, the same documentation may be confusing. Even if the documentation is clear, it is sometimes not complete. You may understand the words but be confused by the application. The purpose of this book is to provide an OSPF handbook that is clear, concise, and complete.

This book is not meant to be read from cover to cover. The way you use this book will depend on your objectives. If you are preparing for the CCIE written and lab exams, this book can be used as a laboratory guide to learn the purpose and proper use of every OSPF command. If you are a network designer, then this book can be used as a ready reference for any OSPF command. In order to satisfy these varying audiences, the structure of this book is reasonably simple.
Each OSPF command is illustrated using the following structure:

• Listing of the command structure and syntax
• Syntax description for the command with an explanation of all command parameters
• The purpose of the command and the situation where the command is used
• The first release of the IOS in which the command appeared
• One or more configuration examples to demonstrate the proper use of the command
• Procedures and examples to verify that the command is working properly
• How to troubleshoot the command when things are not working as intended

The example scenarios that demonstrate the proper use of the OSPF commands can be implemented on a minimum number of routers. This will allow you to learn each command without requiring an extensive and expensive lab configuration. The scenarios are presented so that the purpose and use of each command can be presented without clouding the issue. Some of the examples lead you into common non-working situations in order to reinforce the understanding of the operation of the particular OSPF command.

My hope is that this handbook will help you prepare for the CCIE exam, allow you to properly use OSPF in your network, or both.

Recommended Reading

This book assumes that you have a working knowledge of OSPF theory of operation and OSPF terminology. The following references can be used to supplement your knowledge of OSPF.

OSPF Network Design Solutions, Thomas M. Thomas II, Cisco Press (second edition will be released December 2002)
Routing TCP/IP, Volume I, Jeff Doyle, Cisco Press
Icons Used in This Book

[Figure: icon legend. Recoverable labels: Router, Bridge, DSU/CSU, Catalyst Switch, Multilayer Switch, ISDN/Frame Relay Switch, Communication Server, Gateway, Macintosh, Terminal, Cisco Works Workstation, Printer, Line: Ethernet, Token Ring, Line: Serial, FDDI, Line: Switched Serial, Network Cloud, Frame Relay Virtual Circuit]

Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the Cisco IOS Software Command Reference. The Command Reference describes these conventions as follows:

• Vertical bars (|) separate alternative, mutually exclusive elements.
• Square brackets [ ] indicate optional elements.
• Braces { } indicate a required choice.
• Braces within brackets [{ }] indicate a required choice within an optional element.
• Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
• Italics indicate arguments for which you supply actual values.

Chapter 1. OSPF Process Configuration Commands

1-1 router ospf process-id

Syntax Description:

• process-id—The OSPF process ID. The range of values is 1 to 65536.

Purpose: Used to enable one or more OSPF processes on a router. The process ID is only significant on the local router.
Use the no form of the command to remove an OSPF process.

Initial IOS Software Release: 10.0

Configuration Example: Enabling an OSPF Process

Before you enable an OSPF process, there must be at least one active interface with an assigned IP address. OSPF uses the highest IP address assigned to an active interface as the OSPF Router ID. If loopback interfaces have been configured, then OSPF will use the highest loopback address as the Router ID even if the highest loopback IP address is smaller than the IP address of any active physical interface. Using a loopback interface on an OSPF router is recommended because a loopback interface is never down. A loopback interface will produce a stable OSPF router ID. The network in Figure 1-1 demonstrates that the OSPF Router ID (RID) is the highest IP address assigned to an active physical interface. If a loopback interface is used, then OSPF will use the loopback IP address as the OSPF RID.

Figure 1-1. OSPF Router ID Selection
[Figure labels: S0/1 10.1.1.1/30; S0 10.1.1.2/30; Loopback 0 2.2.2.2/32; OSPF Router ID 10.1.1.2; OSPF Router ID 2.2.2.2]

Start by removing all IP addresses and loopback interfaces from Router B. Now, attempt to configure an OSPF process on Router B.

    rtrB#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    rtrB(config)#router ospf 1
    OSPF: Could not allocate router id

OSPF cannot be enabled on Router B because OSPF needs a RID and there are no IP addresses assigned on Router B. Configure the serial interfaces on Routers A and B and then configure an OSPF process on Router B.

Router A

    interface Serial0/1
     bandwidth 64
     ip address 10.1.1.1 255.255.255.252
     clockrate 64000

Router B

    interface Serial0
     ip address 10.1.1.2 255.255.255.252
     bandwidth 64
    !
    router ospf 1

The configuration of the OSPF process on Router B was successful.
Examine the OSPF RID on Router B using the show ip ospf command.

    rtrB#show ip ospf
     Routing Process "ospf 1" with ID 10.1.1.2
     Supports only single TOS(TOS0) routes
     SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
     Number of DCbitless external LSA 0
     Number of DoNotAge external LSA 0
     Number of areas in this router is 0. 0 normal 0 stub 0 nssa

The only active interface on Router B is Serial0, so OSPF will use the IP address assigned to Serial0 for the router ID. Add a loopback interface to Router B and then re-examine the OSPF RID on Router B.

Router B

    interface Loopback0
     ip address 2.2.2.2 255.255.255.255

    rtrB#show ip ospf
     Routing Process "ospf 1" with ID 10.1.1.2
     Supports only single TOS(TOS0) routes
     SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
     Number of DCbitless external LSA 0
     Number of DoNotAge external LSA 0
     Number of areas in this router is 0. 0 normal 0 stub 0 nssa

The OSPF RID has not changed. This is a stability feature of OSPF. The router ID will not change unless the OSPF process is restarted or if the interface used for the RID goes down. Shut down the serial interface on Router B, re-enable the serial interface on Router B, and examine the effect on the OSPF RID.

Verification

Verify that the OSPF RID on Router B is equal to the IP address assigned to the loopback interface.

    rtrB#show ip ospf
     Routing Process "ospf 1" with ID 2.2.2.2
     Supports only single TOS(TOS0) routes
     SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
     Number of DCbitless external LSA 0
     Number of DoNotAge external LSA 0
     Number of areas in this router is 0. 0 normal 0 stub 0 nssa

Troubleshooting

Verify that a loopback interface has been configured and an IP address assigned before configuring OSPF. A loopback interface is not mandatory, but it will add stability to your OSPF network.
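The Router ID behaviour walked through in Section 1-1 can be modelled in a few lines. The Python below is an added example, not code from the book; the Interface and OspfProcess classes and the router_b_walkthrough function are hypothetical names, and the model follows the rules as this section states them (loopback preferred, RID kept until the interface that supplied it goes down).

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import List, Optional


@dataclass(frozen=True)
class Interface:
    name: str
    address: Optional[str] = None    # None: no IP address assigned
    up: bool = True

    @property
    def is_loopback(self) -> bool:
        return self.name.lower().startswith("loopback")


def select_router_id(interfaces: List[Interface]) -> Optional[str]:
    """Pick a RID as the text describes: the highest loopback address wins
    outright; otherwise the highest address on an active interface."""
    usable = [i for i in interfaces if i.address and i.up]
    pool = [i for i in usable if i.is_loopback] or usable
    if not pool:
        return None
    # Compare numerically: as strings, "9.9.9.9" would sort above "10.1.1.2".
    return str(max(ipaddress.IPv4Address(i.address) for i in pool))


class OspfProcess:
    """Hypothetical model of one OSPF process and its sticky router ID."""

    def __init__(self, interfaces: List[Interface]):
        rid = select_router_id(interfaces)
        if rid is None:
            # Same condition that produced the error on Router B above.
            raise RuntimeError("OSPF: Could not allocate router id")
        self.router_id = rid

    def interfaces_changed(self, interfaces: List[Interface]) -> str:
        """Re-select only when the interface that supplied the RID is down or
        has lost its address; a newly added address alone changes nothing."""
        holder_ok = any(i.up and i.address == self.router_id for i in interfaces)
        if not holder_ok:
            self.router_id = select_router_id(interfaces) or self.router_id
        return self.router_id


def router_b_walkthrough() -> List[str]:
    """Replay the Router B steps from the text; record the RID after each."""
    serial0 = Interface("Serial0", "10.1.1.2")
    loop0 = Interface("Loopback0", "2.2.2.2")
    ospf = OspfProcess([serial0])                  # only Serial0 has an address
    seen = [ospf.router_id]
    seen.append(ospf.interfaces_changed([serial0, loop0]))           # loopback added
    down = replace(serial0, up=False)
    seen.append(ospf.interfaces_changed([down, loop0]))              # Serial0 shut down
    seen.append(ospf.interfaces_changed([serial0, loop0]))           # Serial0 re-enabled
    return seen


if __name__ == "__main__":
    print(router_b_walkthrough())
```
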
1-2 router ospf process-id vrf name

Syntax Description:

• process-id—The OSPF process ID. The range of values is 1 to 65535.
• name—VPN Routing/Forwarding Instance (VRF) name. Routes learned by the OSPF process will be placed in the VRF instead of the global IP routing table.

Purpose: In a Multiprotocol Label Switching (MPLS) virtual private network (VPN) environment, this form of the OSPF router command is used to transfer VPN customer routes between the service provider and the VPN customer. In an MPLS/VPN environment, there are three types of routers, as shown in Figure 1-2:

• Provider (P) routers
• Customer edge (CE) routers
• Provider edge (PE) routers

Figure 1-2. General MPLS/VPN Architecture

P routers are routers in the service provider network that have no connections to CE routers. PE routers are the interface routers between the customer and the service provider. Tag or label switching and an interior gateway protocol (IGP), such as OSPF, are run between P and PE routers to exchange internal service provider routes. These routes are installed in the global IP routing table on the P and PE routers. The PE routers have additional IP routing tables, one for each attached VPN customer. These routing tables are called VRF instances. When OSPF is configured using the vrf option, routes learned from the CE will be placed into the appropriate VRF on the PE router. These VPN routes will be exchanged between PE routers via multiprotocol IBGP. For a detailed discussion of MPLS and MPLS VPNs, see the Cisco Press book MPLS and VPN Architectures by Ivan Pepelnjak and Jim Guichard.

Initial IOS Software Release: 12.0

Chapter 2. OSPF Area Commands

2-1 area area-id authentication

NOTE

This command requires the following additional commands:

For a physical interface: ip ospf authentication-key password (see Section 1…)

For a virtual link if authentication is used in area 0: area transit-area virtual-link router-id authentication-key password (see Section 2-1…)

Syntax Description:

• area-id—OSPF area ID. This value can be entered as a decimal number in the range of 0 to 4,294,967,296 or in IP address format in the range 0.0.0.0 to 255.255.255.255.
This command wil enable simple password authentication in the indicated OSPF area, By default, authentication isnot enabled © transi-area— The OSPF area across which the vitual Ink s configured, © password Clear-text password tobe used for authentication inthe selected area on the selected interface or vitual nk. The password isan alphanumeri string from 1 to 8 characters © routerid— OSPF router ID of the router atthe remote end of the virtual ink. Purpose: To enable simple cleartext password authentication in an OSPF area, OSPF simple authentication requires the use ofthe router configuration command to enable authentication in an area and te interface or vitual-nk command for password configuration, Because this router configuration command enables authentication n an area, you must configure every interface in the area for authentication i using ‘soo IOS Software Release 11.X or eae. In Cisco IOS Software Release 12.X, the authentication used on an interface can be diferent than the authentication enabled for an area. When using Cisco |OS Software Release 12.X, the authentication method used on ferent interfaces inthe same area does not need tobe the sam command Ip ospf authentication null seeBection 19-1 ‘both ends of a common ink must use the same password, Authentication is enabled by area (Cisco |OS Software Release 11.X and eater), soit possible to employ authentication in one area without using authentication in other areas. The cleartext passwords not encrypted, so itl be possible for someone to intercept OSPF protocol packets and compromise the password. Initia Cisco 108 Software Release: 10.0 You can remove authentication from selected interfaces using the interface “The password does not need io be the same on every interface in the area, but Configuration Example: Simple Password Authentication For the network in Figure 2 start by configuring OSPF without authentication in Area 0 Figure 2-1. 
Network Used to Demonstrate OSPF Authentication Configuration and Troubleshooting

Router A
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface Serial0/0
 ip address 10.1.1.9 255.255.255.252
interface Serial0/1
 ip address 10.1.1.1 255.255.255.252
 clock rate 64000
router ospf 1
 network 10.1.1.0 0.0.0.15 area 0

Router B
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface Serial0
 ip address 10.1.1.2 255.255.255.252
interface Serial1
 ip address 10.1.1.5 255.255.255.252
 clock rate 64000
router ospf 1
 network 10.1.1.0 0.0.0.15 area 0

Router C
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
interface Serial0
 ip address 10.1.1.6 255.255.255.252
interface Serial1
 ip address 10.1.1.10 255.255.255.252
 clock rate 64000
router ospf 1
 network 10.1.1.0 0.0.0.15 area 0

Verify the OSPF configuration on Routers A, B, and C by displaying the state of each router's OSPF neighbors.

rtrA#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
3.3.3.3           1   FULL/  -   00:00:38    10.1.1.10    Serial0/0
2.2.2.2           1   FULL/  -   00:00:37    10.1.1.2     Serial0/1

rtrB#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
1.1.1.1           1   FULL/  -   00:00:35    10.1.1.1     Serial0
3.3.3.3           1   FULL/  -   00:00:30    10.1.1.6     Serial1

rtrC#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
2.2.2.2           1   FULL/  -   00:00:30    10.1.1.5     Serial0
1.1.1.1           1   FULL/  -   00:00:37    10.1.1.9     Serial1

Verify that OSPF is not using authentication.

rtrA#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Supports only single TOS(TOS0) routes
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 Number of external LSA 0. Checksum Sum 0x0
 Number of DCbitless external LSA 0
 Number of DoNotAge external LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
    Area BACKBONE(0)
        Number of interfaces in this area is 2
        Area has no authentication
        SPF algorithm executed 6 times
        Area ranges are
        Number of LSA 3. Checksum Sum 0x25F8D
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0

Modify the configurations on Routers A, B, and C by adding simple password authentication to Area 0. For this example, you will use the clear-text password cisco.

Router A
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface Serial0/0
 ip address 10.1.1.9 255.255.255.252
!
interface Serial0/1
 ip address 10.1.1.1 255.255.255.252
 clock rate 64000
router ospf 1

Router B
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface Serial0
 ip address 10.1.1.2 255.255.255.252
interface Serial1
 ip address 10.1.1.5 255.255.255.252
 clock rate 64000
router ospf 1

Router C
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
interface Serial0
 ip address 10.1.1.6 255.255.255.252
interface Serial1
 ip address 10.1.1.10 255.255.255.252
 clock rate 64000

Verification

Verify that the OSPF neighbor relationships are still active.

rtrA#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
3.3.3.3           1   FULL/  -   00:00:31    10.1.1.10    Serial0/0
2.2.2.2           1   FULL/  -   00:00:30    10.1.1.2     Serial0/1

rtrB#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
1.1.1.1           1   FULL/  -   00:00:38    10.1.1.1     Serial0
3.3.3.3           1   FULL/  -   00:00:33    10.1.1.6     Serial1

rtrC#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
2.2.2.2           1   FULL/  -   00:00:33    10.1.1.5     Serial0
1.1.1.1           1   FULL/  -   00:00:30    10.1.1.9     Serial1

Verify that simple authentication is enabled for Area 0.

rtrA#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Supports only single TOS(TOS0) routes
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 Number of external LSA 0. Checksum Sum 0x0
 Number of DCbitless external LSA 0
 Number of DoNotAge external LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
    Area BACKBONE(0)
        Number of interfaces in this area is 2
        Area has simple password authentication
        SPF algorithm executed 9 times
        Area ranges are
        Number of LSA 3. Checksum Sum 0x24F95
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0

The password used can be seen by anyone looking at your configuration. For added security, the password in the configuration can be encrypted using the global configuration command service password-encryption, as shown in the following configuration.

Router A
service password-encryption

Listing the configuration will show that the password has been encrypted. Although the password is encrypted in the configuration, it will still be sent in clear text by OSPF.

rtrA#show running-config
Building configuration...
Current configuration:
version 12.0
service timestamps debug uptime
service timestamps log uptime
hostname rtrA
ip subnet-zero
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 no ip directed-broadcast
interface Serial0/0
 ip address 10.1.1.9 255.255.255.252
 no ip directed-broadcast
 no ip mroute-cache
interface Serial0/1
 ip address 10.1.1.1 255.255.255.252
 no ip directed-broadcast
 clockrate 64000

Troubleshooting

Step 1. Before enabling authentication in an OSPF area, verify that there is a neighbor relationship among all OSPF routers by using the show ip ospf neighbor command.

Step 2. Verify that authentication has been enabled for every OSPF router with an interface in the area where authentication is being deployed.

Step 3. Verify that every interface in an OSPF area that is using authentication is configured with the proper password.

Step 4. If any OSPF neighbor relationships disappear after configuring authentication, then debugging can be used to determine the problem. For example, change the password on Router A, interface Serial 0/0, to bosco, as shown here.

Router A
interface Serial0/0
 ip address 10.1.1.9 255.255.255.252

List the OSPF neighbors for Router A.

rtrA#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
2.2.2.2           1   FULL/  -   00:00:36    10.1.1.2     Serial0/1

Router A has lost Router C as a neighbor. Enable debugging on Router A to see if the problem can be determined.

rtrA#debug ip ospf events
OSPF events debugging is on
rtrA#
08:41:08: OSPF: Rcv hello from 2.2.2.2 area 0 from Serial0/1 10.1.1.2
08:41:08: OSPF: End of hello processing

Be careful when configuring passwords. A space is a valid character, so if you use the password cisco<space> then there will be a password mismatch, but you won't be able to tell by looking at the configuration.

Change the password on Router A, Serial 0/0, back to cisco and remove the OSPF router configuration command area 0 authentication.

Router A
interface Serial0/0
 ip address 10.1.1.9 255.255.255.252
router ospf 1

Router A should drop both OSPF neighbors.

rtrA#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
3.3.3.3           1   INIT/  -   00:00:38    10.1.1.10    Serial0/0
2.2.2.2           1   INIT/  -   00:00:39    10.1.1.2     Serial0/1

Now debug the OSPF traffic on Router B or C to determine the problem.
rtrB#debug ip ospf events
OSPF events debugging is on
rtrB#
08:58:40: OSPF: Rcv hello from 3.3.3.3 area 0 from Serial1 10.1.1.6
08:55:40: OSPF: End of hello processing

Routers B and C are using type 1 authentication (simple password) and Router A is using type 0 authentication (none).

2-2 area area-id authentication message-digest

NOTE
This command requires the following additional commands:
For a physical interface: ip ospf message-digest-key key-id md5 password (see Section 19)
For a virtual link, if authentication is used in Area 0: area transit-area virtual-link router-id message-digest-key key-id md5 password (see Section 2-24)

Syntax Description:
• area-id: OSPF area ID. This value can be entered as a decimal number in the range of 0 to 4,294,967,295 or in IP address format in the range 0.0.0.0 to 255.255.255.255. This command will enable simple password authentication in the indicated OSPF area. By default, authentication is not enabled.
• key-id: Key used to encrypt a password. The range of values is 1 to 255. Both ends of a link must use the same key and password.
• password: Password to be used for authentication in the selected area on the selected interface or virtual link. The password is an alphanumeric string from 1 to 8 characters.
• transit-area: The OSPF area across which the virtual link is configured.
• router-id: OSPF router ID of the router at the remote end of the virtual link.

Purpose: To enable MD5 password authentication in an OSPF area. OSPF MD5 authentication requires the use of the router configuration command to enable authentication in an area and the interface or virtual link command for key and password configuration.
Since this router configuration command enables authentication in an area, every interface in the area must be configured with an authentication key and password if using Cisco IOS Software Release 11.X or earlier. In Cisco IOS Software Release 12.X, the authentication used on an interface can be different from the authentication enabled for an area. When using Cisco IOS Software Release 12.X, the authentication method used on different interfaces in the same area does not need to be the same. Authentication can be turned off on selected interfaces using the command ip ospf authentication null (see Section 19-...). The key and password do not need to be the same on every interface, but both ends of a common link need to use the same key and password. Authentication is enabled by area (Cisco IOS Software Release 11.X and earlier), so it is possible to employ authentication in one area without using authentication in other areas. The password is encrypted, so it is extremely difficult for someone to intercept OSPF protocol packets and compromise the password.

Initial Cisco IOS Software Release: 11.0

Configuration Example 1: MD5 Password Authentication

For the network in Figure 2-2, initially configure OSPF without authentication in Area 0.

Figure 2-2. Network Used to Demonstrate OSPF MD5 Authentication Configuration and Troubleshooting
(Figure label: key id = 2, password = ciscoab)

Router A
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Serial0/0
 ip address 10.1.1.9 255.255.255.252
!
interface Serial0/1
 ip address 10.1.1.1 255.255.255.252
 clock rate 64000
router ospf 1
 network 10.1.1.0 0.0.0.15 area 0

Router B
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface Serial0
 ip address 10.1.1.2 255.255.255.252
interface Serial1
 ip address 10.1.1.5 255.255.255.252
 clock rate 64000
router ospf 1
 network 10.1.1.0 0.0.0.15 area 0

Router C
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
interface Serial0
 ip address 10.1.1.6 255.255.255.252
interface Serial1
 ip address 10.1.1.10 255.255.255.252
 clock rate 64000
router ospf 1
 network 10.1.1.0 0.0.0.15 area 0

Verify the OSPF configuration on Routers A, B, and C by displaying the state of each router's OSPF neighbors.

rtrA#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
3.3.3.3           1   FULL/  -   00:00:38    10.1.1.10    Serial0/0
2.2.2.2           1   FULL/  -   00:00:37    10.1.1.2     Serial0/1

rtrB#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
1.1.1.1           1   FULL/  -   00:00:35    10.1.1.1     Serial0
3.3.3.3           1   FULL/  -   00:00:30    10.1.1.6     Serial1

rtrC#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
2.2.2.2           1   FULL/  -   00:00:30    10.1.1.5     Serial0
1.1.1.1           1   FULL/  -   00:00:37    10.1.1.9     Serial1

Verify that OSPF is not using authentication.

rtrA#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Supports only single TOS(TOS0) routes
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 Number of external LSA 0. Checksum Sum 0x0
 Number of DCbitless external LSA 0
 Number of DoNotAge external LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
    Area BACKBONE(0)
        Number of interfaces in this area is 2
        Area has no authentication
        SPF algorithm executed 6 times
        Area ranges are
        Number of LSA 3. Checksum Sum 0x25F8D
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0

Modify the configurations on Routers A, B, and C by adding MD5 password authentication to area 0. For this example, use the passwords ciscoab, ciscobc, and ciscoac to demonstrate that multiple passwords can be used in an area.

Router A
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface Serial0/0
 ip address 10.1.1.9 255.255.255.252
interface Serial0/1
 ip address 10.1.1.1 255.255.255.252
 clock rate 64000
router ospf 1

Router B
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface Serial0
 ip address 10.1.1.2 255.255.255.252
interface Serial1
 ip address 10.1.1.5 255.255.255.252
 clock rate 64000
router ospf 1

Router C
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
interface Serial0
 ip address 10.1.1.6 255.255.255.252
interface Serial1
 ip address 10.1.1.10 255.255.255.252
 clock rate 64000
router ospf 1

Verification

Verify that the OSPF neighbor relationships are still active.

rtrA#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
3.3.3.3           1   FULL/  -   00:00:31    10.1.1.10    Serial0/0
2.2.2.2           1   FULL/  -   00:00:30    10.1.1.2     Serial0/1

rtrB#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
1.1.1.1           1   FULL/  -   00:00:38    10.1.1.1     Serial0
3.3.3.3           1   FULL/  -   00:00:33    10.1.1.6     Serial1

rtrC#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
2.2.2.2           1   FULL/  -   00:00:33    10.1.1.5     Serial0
1.1.1.1           1   FULL/  -   00:00:30    10.1.1.9     Serial1

Verify that MD5 authentication is enabled for Area 0.
rtrA#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
 Supports only single TOS(TOS0) routes
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 Number of external LSA 0. Checksum Sum 0x0
 Number of DCbitless external LSA 0
 Number of DoNotAge external LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
    Area BACKBONE(0)
        Number of interfaces in this area is 2
        Area has message digest authentication
        SPF algorithm executed 2 times
        Area ranges are
        Number of LSA 3. Checksum Sum 0x14A19
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0

The password used can be seen by anyone looking at your configuration. For added security, the password in the configuration can be encrypted using the global configuration command service password-encryption, as shown in the following configuration.

Router A
service password-encryption

Listing the configuration will show that the password has been encrypted.

rtrA#show running-config
Building configuration...
Current configuration:
version 12.0
service timestamps debug uptime
service timestamps log uptime
hostname rtrA
ip subnet-zero
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 no ip directed-broadcast
interface Serial0/0
 ip address 10.1.1.9 255.255.255.252
 no ip directed-broadcast
 no ip mroute-cache
interface Serial0/1
 ip address 10.1.1.1 255.255.255.252
 no ip directed-broadcast
 clockrate 64000

Configuration Example 2: Changing Keys and Passwords

For additional security, you may choose to periodically change the key and password. With clear-text authentication, changing passwords will cause a loss of OSPF connectivity from the time you change the password on one interface until you change the password at the other end of the link.
With MD5 authentication, you can configure a new key and password on a link while leaving the old key and password in place. The old key and password will continue to be used until the new key and password are configured on the other end of the link. Modify the key and password on the link between Routers A and B. Add a new key and password on Router A in order to observe the behavior when the new key and password have only been configured on one end of the link.

Router A
interface Serial0/1
 ip address 10.1.1.1 255.255.255.252
 no ip directed-broadcast
 ip ospf message-digest-key 2 md5 ciscoab
 clockrate 64000

Verify that the OSPF neighbor relationship between Routers A and B is still active.

rtrA#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
3.3.3.3           1   FULL/  -   00:00:34    10.1.1.10    Serial0/0

You can determine if Router A is using both keys when communicating with Router B by viewing the interface properties or by enabling OSPF debugging.

rtrA#show ip ospf interface s0/1
Serial0/1 is up, line protocol is up
  Internet Address 10.1.1.1/30, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:08
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 4
    Rollover in progress, 1 neighbor(s) using the old key(s):
      key id 2

rtrA#debug ip ospf events
OSPF events debugging is on
rtrA#
01:30:25: OSPF: Rcv hello from 3.3.3.3 area 0 from Serial0/0 10.1.1.10
01:30:25: OSPF: End of hello processing
01:30:26: OSPF: Rcv hello from 2.2.2.2 area 0 from Serial0/1 10.1.1.2
01:30:26: OSPF: End of hello processing
01:30:30: OSPF: Send with youngest Key 1

Notice that both keys are being used for authentication. Configure the new key and password on Router B while leaving the old key and password in place.

Router B
interface Serial0
 ip address 10.1.1.2 255.255.255.252
 no ip directed-broadcast
 ip ospf message-digest-key 2 md5 ciscoab

Routers A and B will now use the youngest key (the last key configured).

rtrA#show ip ospf interface s0/1
Serial0/1 is up, line protocol is up
  Internet Address 10.1.1.1/30, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:02
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2
  Suppress hello for 0 neighbor(s)

The old key and password can now be removed from Routers A and B using the no form of the interface command.

Troubleshooting

Step 1. Before enabling authentication in an OSPF area, verify that there is a neighbor relationship among all OSPF routers by using the show ip ospf neighbor command.

Step 2. Verify that authentication has been enabled for every OSPF router with an interface in the area where authentication is being deployed.

Step 3. Verify that every interface using authentication in an OSPF area has been configured with the proper key and password.

Step 4. If any OSPF neighbor relationships disappear after configuring MD5 authentication, debugging can be used to determine the problem. For example, change the key-id on Router B, interface Serial0, to 5. Use the no form of the command to remove the original key and password before applying the new key.

Router B
interface Serial0
 ip address 10.1.1.2 255.255.255.252

List the OSPF neighbors for Router A.

rtrA#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
3.3.3.3           1   FULL/  -   00:00:31    10.1.1.10    Serial0/0

Router A has lost Router C as a neighbor. Enable debugging on Router A to see if you can determine the problem.

rtrA#debug ip ospf events
OSPF events debugging is on

Be careful when configuring passwords. A space is a valid character, so if you use the password cisco<space> then there will be a password mismatch, but you won't be able to tell by looking at the configuration, especially if the password is encrypted in the configuration.

On Router A, remove the OSPF router configuration command area 0 authentication message-digest. Restore the proper key on Serial0 on Router B.

Router A
interface Serial0/0
 ip address 10.1.1.9 255.255.255.252
!
router ospf 1

Router B
interface Serial0
 ip address 10.1.1.2 255.255.255.252
 no ip ospf message-digest-key 5 md5 ciscoab
 ip ospf message-digest-key 2 md5 ciscoab

Router A should drop both OSPF neighbors.

rtrA#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
3.3.3.3           1   INIT/  -   00:00:38    10.1.1.10    Serial0/0
2.2.2.2           1   INIT/  -   00:00:39    10.1.1.2     Serial0/1

Now debug the OSPF traffic on Router B or C to determine the problem.

rtrB#debug ip ospf events
OSPF events debugging is on
rtrB#
21:43:04: OSPF: Rcv hello from 3.3.3.3 area 0 from Serial1 10.1.1.6
21:43:04: OSPF: End of hello processing
21:43:05: OSPF: Send with youngest Key 4
21:49:08: OSPF: Send with youngest Key 3

Routers B and C are using type 2 authentication (MD5) and Router A is using type 0 authentication (none).
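The difference between the authentication types of Sections 2-1 and 2-2 at the packet level, as an added example that is not from the handbook: it builds constructed OSPF packets with the RFC 2328 header layout, shows that AuType 1 carries the password itself while AuType 2 carries only a key ID and an MD5 digest, and applies the receiver checks behind the type mismatches and the key rollover described above. The function names, the zeroed checksum and hello body, and the new key (ID 1, password newpass1) are assumptions of this example.

```python
import hashlib
import hmac
import socket
import struct

# RFC 2328 A.3.1 header: version, type, length, router ID, area ID, checksum, AuType, auth field
HEADER = struct.Struct("!BBH4s4sHH8s")

def md5_digest(packet, key):
    """RFC 2328 D.4.3: MD5 over the packet followed by the key, zero padded to 16 bytes."""
    return hashlib.md5(packet + key.ljust(16, b"\0")[:16]).digest()

def build(router_id, autype, secret=b"", key_id=0, seq=1, body=b"\0" * 20):
    """Build a constructed area 0 hello. The checksum is left at 0 (RFC 2328 requires
    that only for AuType 2) because this example exercises the authentication fields."""
    if autype == 1:
        auth = secret.ljust(8, b"\0")[:8]                # the password itself, zero padded
    elif autype == 2:
        auth = struct.pack("!HBBI", 0, key_id, 16, seq)  # key ID, digest length, sequence no.
    else:
        auth = b"\0" * 8
    pkt = HEADER.pack(2, 1, HEADER.size + len(body), socket.inet_aton(router_id),
                      socket.inet_aton("0.0.0.0"), 0, autype, auth) + body
    return pkt + md5_digest(pkt, secret) if autype == 2 else pkt

def on_the_wire(raw):
    """What anyone able to capture the packet learns from its authentication fields."""
    autype, auth = HEADER.unpack_from(raw)[6:8]
    if autype == 1:
        return {"autype": 1, "password": auth.rstrip(b"\0").decode("ascii")}
    if autype == 2:
        return {"autype": 2, "key_id": auth[2], "digest": raw[-16:].hex()}
    return {"autype": 0}

def receive(raw, area_autype, password=b"", md5_keys=None):
    """Receiver-side authentication check; returns (accepted, reason).
    A real receiver also rejects sequence numbers lower than the last one seen."""
    header = HEADER.unpack_from(raw)
    length, autype, auth = header[2], header[6], header[7]
    if autype != area_autype:
        return False, f"authentication type mismatch: packet type {autype}, local type {area_autype}"
    if autype == 1:
        ok = hmac.compare_digest(auth, password.ljust(8, b"\0")[:8])
        return ok, "password matches" if ok else "password mismatch"
    if autype == 2:
        key = (md5_keys or {}).get(auth[2])
        if key is None:
            return False, f"key ID {auth[2]} is not configured"
        ok = hmac.compare_digest(raw[length:length + auth[3]], md5_digest(raw[:length], key))
        return ok, "digest verifies" if ok else "digest mismatch"
    return True, "no authentication"
```

A packet signed with a key ID the receiver does not hold is rejected, which is why the sender keeps using the old key until the neighbor has the new one.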
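Troubleshooting Steps 2 and 3 can be checked offline against saved configurations. The added example below (not the handbook's code) parses constructed configurations for Routers A, B and C, each seeded with one of the faults discussed above, and reports a missing area authentication command, a key ID that differs across a link, and a password with a trailing space. It assumes every listed interface is in area 0; key IDs 1 and 3 are constructed, since the page only gives key ID 2 for ciscoab.

```python
import ipaddress
import re

# Constructed configurations; each router carries one seeded fault (see comments).
SAMPLE = {
    "A": """interface Serial0/0
 ip address 10.1.1.9 255.255.255.252
 ip ospf message-digest-key 1 md5 ciscoac
interface Serial0/1
 ip address 10.1.1.1 255.255.255.252
 ip ospf message-digest-key 2 md5 ciscoab
router ospf 1
 network 10.1.1.0 0.0.0.15 area 0
""",  # fault: "area 0 authentication message-digest" is missing
    "B": """interface Serial0
 ip address 10.1.1.2 255.255.255.252
 ip ospf message-digest-key 5 md5 ciscoab
interface Serial1
 ip address 10.1.1.5 255.255.255.252
 ip ospf message-digest-key 3 md5 ciscobc
router ospf 1
 network 10.1.1.0 0.0.0.15 area 0
 area 0 authentication message-digest
""",  # fault: key ID 5 on Serial0, Router A uses key ID 2 on that link
    "C": """interface Serial0
 ip address 10.1.1.6 255.255.255.252
 ip ospf message-digest-key 3 md5 ciscobc
interface Serial1
 ip address 10.1.1.10 255.255.255.252
 ip ospf message-digest-key 1 md5 ciscoac
router ospf 1
 network 10.1.1.0 0.0.0.15 area 0
 area 0 authentication message-digest
""".replace("ciscoac", "ciscoac "),  # fault: trailing space in the password
}

def parse(cfg):
    """Return the area authentication types and the per-interface keys of one router."""
    out, cur = {"area_auth": {}, "ifaces": {}}, None
    for line in cfg.splitlines():
        s = line.strip()
        if m := re.match(r"interface (\S+)", s):
            cur = out["ifaces"].setdefault(m[1], {"net": None, "simple": None, "md5": {}})
        elif m := re.match(r"area (\S+) authentication( message-digest)?$", s):
            out["area_auth"][m[1]] = "md5" if m[2] else "simple"
        elif cur and (m := re.match(r"ip address (\S+) (\S+)", s)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur and (m := re.match(r"\s*ip ospf authentication-key (.*)", line)):
            cur["simple"] = m[1]          # unstripped: a trailing space is part of the key
        elif cur and (m := re.match(r"\s*ip ospf message-digest-key (\d+) md5 (.*)", line)):
            cur["md5"][int(m[1])] = m[2]
    return out

def audit(routers, area="0"):
    """Apply troubleshooting Steps 2 and 3 to all routers; return a list of findings."""
    parsed = {n: parse(c) for n, c in routers.items()}
    modes = {n: p["area_auth"].get(area, "none") for n, p in parsed.items()}
    findings, links = [], {}
    if len(set(modes.values())) > 1:
        findings.append(f"area {area}: authentication type differs between routers: {modes}")
    for n, p in parsed.items():
        for ifn, i in p["ifaces"].items():
            if i["net"] is not None:
                links.setdefault(i["net"], []).append((n, ifn, i))
            have = {"md5": bool(i["md5"]), "simple": i["simple"] is not None, "none": True}
            if not have[modes[n]]:
                findings.append(f"{n} {ifn}: no key for {modes[n]} authentication")
            for secret in [i["simple"], *i["md5"].values()]:
                if secret and secret != secret.strip():
                    findings.append(f"{n} {ifn}: key has leading or trailing whitespace")
    for net, ends in links.items():
        if len(ends) != 2:
            continue                      # not a link between two audited routers
        (n1, f1, a), (n2, f2, b) = ends
        want = modes[n1] if modes[n1] != "none" else modes[n2]
        same = {"md5": any(b["md5"].get(k) == v for k, v in a["md5"].items()),
                "simple": a["simple"] is not None and a["simple"] == b["simple"],
                "none": True}
        if not same[want]:
            findings.append(f"{net}: {n1} {f1} and {n2} {f2} share no identical key")
    return findings
```

Because the key lines are read without stripping, the whitespace check only works on configurations that still show the password in clear text.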
2-3 area area-id default-cost cost

NOTE
This command requires the following additional commands:
area area-id nssa (see Section 2-4)
area area-id stub (see Section 2-1...)

Syntax Description:
• area-id: OSPF area ID. This value can be entered as a decimal number in the range of 0 to 4,294,967,295 or in IP address format in the range 0.0.0.0 to 255.255.255.255.
• cost: The default cost of an OSPF stub area's advertised external default route metric. The range of values is 0 to 16,777,215. The default value is 1. The cost value will be added to the cost of reaching the Area Border Router (ABR) that is advertising the default route.

Purpose: External networks will not be advertised into a stub or totally stubby area. External networks are networks that have been redistributed into OSPF. External OSPF routes and inter-area OSPF routes are not advertised into a totally stubby area. When an OSPF area is configured as a stub area, a default route will be generated by the ABR into the stub area in place of the external routes. When an OSPF area is configured as a totally stubby area, the default route replaces the external and inter-area routes. The purpose of this command is to set the cost of the default route advertised into a stubby, totally stubby, or not-so-stubby area. If this command is not used, then the cost of the default route will be 1. When configuring stub areas, all routers with interfaces in the stub area must be configured with the same stub area type.

Initial Cisco IOS Software Release: 10.0

Configuration Example: Setting the Default Cost for a Stub Area

Initially, the network in Figure 2-3 is configured without a stubby area to compare the differences between the routes advertised into a normal area with those advertised into a stubby area. You will redistribute the loopback interface on Router C in order to generate an external route on Routers A and B.

Figure 2-3. External OSPF Routes Are Not Advertised into an OSPF Stub Area. Inter-area and External Routes Are Not Advertised into a Totally Stubby Area
