OSPF authentication

I can't get a PIX 515E to form an adjacency with an MSFC2 router using MD5 authentication. The MSFC2 goes from EXSTART to complaining about too many broadcasts of DBD.

OK, thanks for checking this out. Looks like CSCeb77142 to me. Go ahead and open a TAC case and request that the engineer post the latest 6.3(3) interim release for you. Give that a shot and let me know.

Scott

Tags: Cisco Security

Similar Questions

  • ASR900 - OSPF-4-NOVALIDKEY: No valid authentication send key is available on interface

    Hello

    I have a few ASR902s running 15.4(3)S1, where I see a lot of the following messages:

    225908: Feb 16 13:22:19.850 AST: %OSPF-4-NOVALIDKEY: No valid authentication send key is available on interface BDI960
    225909: Feb 16 13:22:36.571 AST: %OSPF-4-INVALIDKEY: Key ID 0 received on interface BDI960
    225910: Feb 16 13:23:19.921 AST: %OSPF-4-NOVALIDKEY: No valid authentication send key is available on interface BDI960
    225911: Feb 16 13:23:36.751 AST: %OSPF-4-INVALIDKEY: Key ID 0 received on interface BDI960
    225912: Feb 16 13:24:20.213 AST: %OSPF-4-NOVALIDKEY: No valid authentication send key is available on interface BDI960
    225913: Feb 16 13:24:36.819 AST: %OSPF-4-INVALIDKEY: Key ID 0 received on interface BDI960
    225914: Feb 16 13:25:20.304 AST: %OSPF-4-NOVALIDKEY: No valid authentication send key is available on interface BDI960

    Applied to the interface configuration is the following:

    interface BDI960
     ip address 10.1.1.1 255.255.255.252
     no ip redirects
     no ip proxy-arp
     ip mtu 9198
     ip pim sparse-mode
     ip ospf authentication message-digest
     ip ospf authentication-key 7 <>
     ip ospf network point-to-point
     ip ospf dead-interval minimal hello-multiplier 3
     ip ospf 1 area 0
     no mpls ldp igp autoconfig

    OSPF adjacency is in place and everything seems OK. Any idea?

    Thank you

    Pedro

    Hi Pedro,

    Is this the actual config on the interface, or did you blank out the key?

    ip ospf authentication-key 7 <>

    In addition, check that your upstream router is configured to send the right key number. In the example below, the key is 1 and it uses md5 with 7 encryption.

    ip ospf message-digest-key 1 md5 7 xxxxxxxxx

    -Mario

    P.S. If you look at your error message, it says that the interface has received the wrong key: %OSPF-4-INVALIDKEY: Key ID 0 received on interface BDI960
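A configuration-and-log check for the situation in this thread, written as an added example (not code from the posters or from Cisco). It assumes IOS-style interface stanzas and the two OSPF key syslog messages quoted in the question; the sample config, the redacted key strings and the interfaces BDI961/BDI962 are constructed, and area-level authentication under `router ospf` is not inspected.

```python
import re
from collections import defaultdict

# Constructed sample config. BDI960 mirrors the thread: message-digest mode
# with only a plain-text authentication-key. BDI961/BDI962 are hypothetical.
SAMPLE_CONFIG = """\
interface BDI960
 ip address 10.1.1.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf authentication-key 7 <redacted>
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface BDI961
 ip address 10.1.1.5 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 <redacted>
 ip ospf 1 area 0
!
interface BDI962
 ip address 10.1.1.9 255.255.255.252
 ip ospf 1 area 0
"""

# Constructed sample log, in the format of the messages quoted in the thread.
SAMPLE_LOG = """\
225908: Feb 16 13:22:19.850 AST: %OSPF-4-NOVALIDKEY: No valid authentication send key is available on interface BDI960
225909: Feb 16 13:22:36.571 AST: %OSPF-4-INVALIDKEY: Key ID 0 received on interface BDI960
225910: Feb 16 13:23:19.921 AST: %OSPF-4-NOVALIDKEY: No valid authentication send key is available on interface BDI960
"""

NOVALID_RE = re.compile(r"%OSPF-4-NOVALIDKEY: .* on interface (\S+)")
INVALID_RE = re.compile(r"%OSPF-4-INVALIDKEY: Key ID (\d+) received on interface (\S+)")


def parse_interfaces(config):
    """Split a running-config into {interface name: [sub-command lines]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.lower().startswith("interface "):
            current = line.split()[1]
            stanzas[current] = []
        elif line[:1].isspace() and current is not None:
            stanzas[current].append(line.strip())
        else:                       # "!" or any other top-level line ends the stanza
            current = None
    return stanzas


def audit_interface(lines):
    """Compare the OSPF authentication mode with the keys actually configured."""
    mode, md5_key_ids, simple_key, ospf_enabled = "none", [], False, False
    for line in lines:
        words = line.lower().split()
        if words[:2] != ["ip", "ospf"] or len(words) < 3:
            continue
        rest = words[2:]
        if rest[0] == "authentication":
            mode = rest[1] if len(rest) > 1 else "simple"
        elif rest[0] == "authentication-key":
            simple_key = True
        elif rest[0] == "message-digest-key" and len(rest) >= 3 and rest[2] == "md5":
            md5_key_ids.append(int(rest[1]))
        elif rest[0].isdigit() and "area" in rest:
            ospf_enabled = True
    findings = []
    if mode == "message-digest" and not md5_key_ids:
        findings.append("MD5_WITHOUT_KEY")          # nothing to sign outgoing packets with
        if simple_key:
            findings.append("SIMPLE_KEY_IGNORED")   # authentication-key only serves simple mode
    if mode == "simple" and not simple_key:
        findings.append("SIMPLE_WITHOUT_KEY")
    if mode in ("none", "null") and ospf_enabled:
        findings.append("NO_INTERFACE_AUTH")        # may still be covered at area level
    return {"mode": mode, "md5_key_ids": md5_key_ids, "findings": findings}


def parse_key_events(log):
    """Collect NOVALIDKEY counts and received key IDs per interface."""
    events = defaultdict(lambda: {"no_send_key": 0, "rx_key_ids": set()})
    for line in log.splitlines():
        m = NOVALID_RE.search(line)
        if m:
            events[m.group(1)]["no_send_key"] += 1
            continue
        m = INVALID_RE.search(line)
        if m:
            events[m.group(2)]["rx_key_ids"].add(int(m.group(1)))
    return dict(events)


def correlate(config, log):
    """Attach syslog evidence to each interface's configuration findings."""
    events, report = parse_key_events(log), {}
    for name, lines in parse_interfaces(config).items():
        result = audit_interface(lines)
        ev = events.get(name, {"no_send_key": 0, "rx_key_ids": set()})
        result["no_send_key_events"] = ev["no_send_key"]
        # Key IDs the neighbour uses that this interface has no key for.
        result["unknown_rx_key_ids"] = sorted(ev["rx_key_ids"] - set(result["md5_key_ids"]))
        result["confirmed_by_log"] = (
            "MD5_WITHOUT_KEY" in result["findings"] and ev["no_send_key"] > 0)
        report[name] = result
    return report


if __name__ == "__main__":
    for iface, result in correlate(SAMPLE_CONFIG, SAMPLE_LOG).items():
        print(iface, result)
```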

  • 3000 VPN concentrator using ospf md5 authentication failed

    Hi all

    I just tested OSPF with a VPN 3005 connected to a Cisco router using OSPF MD5 authentication, but it fails. On the Cisco router, I can see the OSPF neighbor state is "INIT", but I cannot see any connection on the VPN 3005. The physical connection is good, and ping works between them. I tried the commands "ip ospf authentication message-digest" and "ip ospf authentication-key", and the "ip ospf message-digest-key" command on the router; the password is the same on both sides and the MD5 ID has been set. But when I use simple authentication or disable authentication, the neighbor relationship comes up. Has anybody met this case before? Thank you!

    Best regards

    Teru Lei

    Hello

    This is a known bug, I also met this before: CSCef38044

    It is not possible to establish an OSPF neighborship using MD5 hash with newer versions of IOS on which the LLS capability is enabled. The LLS capability is enabled somewhere in 12.2T. This behavior can be found on CVPN 4.1.5 and above, including 4.7.

    I tested it with several IOS and CVPN OS versions - same result. The symptom: the router's OSPF neighborship remains in the INIT/DROTHER state.

    The workaround is to configure the router:

    router ospf 1
     no capability lls

    This will solve your problem.

    Attila Suba

  • VTI & OSPF tunnel

    Hi all

    I have configured VTI tunnel interfaces (tunnel mode ipsec ipv4) and OSPF running on them.

    The VTI encrypts all data traffic. But what about the OSPF traffic?

    Is the OSPF traffic encrypted as well, or do I need to configure OSPF authentication?

    Thank you

    The OSPF exchange is already encrypted inside the tunnel, so you don't have to use OSPF authentication. OSPF uses the tunnel IPs for communication, and traffic between these two addresses is possible only through the secure tunnel.

  • OSPF md5 on pix515 v6.3

    Can someone show me where the configuration examples are that show how the actual OSPF MD5 key is configured on the PIX firewall? (Or the command that allows this; the only one I can find involves a virtual link.)

    Hi neil

    It is under the interface subcommands.

    command:

    routing interface intf_name

    subcommands:

    ospf message-digest-key key-id md5 key

    ospf authentication-key password

    ospf authentication [message-digest | null]

    and a lot of other stuff too...

    You can view the description of the "routing interface" command at the following URL:

    http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/PIX/pix_sw/v_63/cmdref/Mr.htm#wp1097803

    I hope this helps... all the best. Rate response(s) if considered useful...

    REDA
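What the key ID and key set by these subcommands do on the wire, as an added example (not code from the posters or from Cisco): it builds and verifies an OSPFv2 packet with cryptographic authentication as laid out in RFC 2328 Appendix D, which goes beyond the commands listed in the answer. The key value, router ID and packet body are constructed, and sending with key ID 0 when no key is configured is an assumption taken from the "Key ID 0 received" log message elsewhere on this page.

```python
import hashlib
import hmac
import struct

AUTYPE_CRYPTO = 2                   # AuType 2 = cryptographic authentication
HEADER_FMT = "!BBH4s4sHHHBBI"       # 24-byte OSPFv2 header with the AuType 2 auth field
HEADER_LEN = struct.calcsize(HEADER_FMT)
DIGEST_LEN = 16                     # MD5 output length


def _digest(packet, key):
    """MD5 over the OSPF packet followed by the key, zero-padded to 16 bytes."""
    return hashlib.md5(packet + key.ljust(16, b"\0")[:16]).digest()


def build_packet(body, router_id, area_id, key_id, key, seq, ptype=1):
    """Return header + body + trailing digest, as the sending router would."""
    length = HEADER_LEN + len(body)          # the digest is not counted in this length
    header = struct.pack(
        HEADER_FMT,
        2, ptype, length, router_id, area_id,
        0,                                   # checksum is left at zero for AuType 2
        AUTYPE_CRYPTO,
        0, key_id, DIGEST_LEN, seq)          # auth field: 0, key ID, digest length, sequence
    packet = header + body
    return packet + _digest(packet, key)


def verify_packet(wire, keys, last_seq=-1):
    """Receiver-side checks. keys maps key ID -> secret configured on the interface."""
    if len(wire) < HEADER_LEN:
        return "MALFORMED"
    (_ver, _ptype, length, _rid, _area, _cksum,
     autype, _zero, key_id, auth_len, seq) = struct.unpack(HEADER_FMT, wire[:HEADER_LEN])
    if autype != AUTYPE_CRYPTO:
        return "AUTYPE_MISMATCH"             # e.g. the peer uses simple or null authentication
    if key_id not in keys:
        return "INVALID_KEY_ID"              # rejected before any hashing takes place
    if auth_len != DIGEST_LEN or len(wire) != length + DIGEST_LEN:
        return "MALFORMED"
    if seq < last_seq:
        return "REPLAY"                      # sequence numbers must never go backwards
    expected = _digest(wire[:length], keys[key_id])
    if not hmac.compare_digest(expected, wire[length:]):
        return "BAD_DIGEST"
    return "OK"


# Constructed sample values, for illustration only.
KEY = b"constructed-key"
RID = bytes([10, 1, 1, 1])
AREA = bytes(4)
BODY = b"hello-body"                         # stand-in for a real Hello body


def demo():
    """Run the receiver checks against matching and mismatching configurations."""
    pkt = build_packet(BODY, RID, AREA, key_id=1, key=KEY, seq=100)
    tampered = pkt[:HEADER_LEN] + b"HELLO-body" + pkt[HEADER_LEN + len(BODY):]
    no_key = build_packet(BODY, RID, AREA, key_id=0, key=b"", seq=100)
    return {
        "same key id and secret": verify_packet(pkt, {1: KEY}),
        "key id differs": verify_packet(pkt, {2: KEY}),
        "secret differs": verify_packet(pkt, {1: b"other-key"}),
        "old sequence number": verify_packet(pkt, {1: KEY}, last_seq=101),
        "body modified in transit": verify_packet(tampered, {1: KEY}),
        "sender has no key (id 0)": verify_packet(no_key, {1: KEY}),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The key ID is looked up before the digest is checked, so a key-number mismatch and a wrong secret fail at different steps even though both stop the adjacency from forming.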

  • I need help quick - PIX 515E ver. 6.3(5)

    I'm new to this Cisco product and I'm in a jam. I got to get this product operational tomorrow morning.

    (Problem :) I've got communications running inside the firewall, and with an access list I can ping the outside world with success; However, if on the inside, behind the firewall, I can't see anything through a web browser. It's as if the traffic does not go through. Please help, what should I do?

    Here's a copy of the current configuration:

    6.3 (5) PIX version

    interface ethernet0 car

    Auto interface ethernet1

    ethernet0 nameif outside security0

    nameif ethernet1 inside the security100

    enable password xxxx

    passwd xxxx

    pixfirewall hostname

    domain ciscopix.com

    clock timezone IS - 5

    clock to summer time EDT recurring

    fixup protocol dns-length maximum 512

    fixup protocol ftp 21

    fixup protocol h323 h225 1720

    fixup protocol h323 ras 1718-1719

    fixup protocol http 80

    fixup protocol rsh 514

    fixup protocol rtsp 554

    fixup protocol sip 5060

    fixup protocol sip udp 5060

    fixup protocol 2000 skinny

    fixup protocol smtp 25

    fixup protocol sqlnet 1521

    fixup protocol tftp 69

    object-group service Internet tcp - udp

    Description of the group for Internet access

    port-object eq echo

    port-object eq www

    area of port-object eq

    interface icmp permit access-list inside_access_in inside the interface outside response to echo

    interface icmp permit access-list inside_access_in inside the interface outside time limit

    inside_access_in list of permitted access interface icmp inside the outside interface is inaccessible

    inside_access_in tcp allowed access list any object-group Internet any newspaper Internet-Group of objects

    inside_access_in tcp allowed access list any Internet host 208.50.85.161 object-group newspaper Internet object-group

    pager lines 24

    ICMP allow any inside

    Outside 1500 MTU

    Within 1500 MTU

    IP address outside the 208.x.x.x.255.255.224

    IP address inside 192.168.1.1 255.255.255.0

    alarm action IP verification of information

    alarm action attack IP audit

    no failover

    failover timeout 0:00:00

    failover poll 15

    No IP failover outdoors

    No IP failover inside

    208.50.x.x.x.255.255 PDM location outdoors

    PDM logging 100 information

    history of PDM activate

    ARP timeout 14400

    Global (outside) 10 192.168.1.3 - 192.168.1.254 netmask 255.255.255.0

    Global (inside) 1 192.168.1.3 - 192.168.1.254

    NAT (inside) 0-list of access inside_outbound_nat0_acl

    NAT (inside) 10 0.0.0.0 0.0.0.0 0 0

    inside_access_in access to the interface inside group

    routing to the outside interface

    OSPF authentication null

    routing inside interface

    OSPF authentication null

    Route outside 0.0.0.0 0.0.0.0 208.50.85.161 1

    Timeout xlate 03:00

    Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225

    H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00

    Sip timeout - disconnect 0:02:00 prompt Protocol sip-0: 03:00

    Timeout, uauth 0:05:00 absolute

    GANYMEDE + Protocol Ganymede + AAA-server

    AAA-server GANYMEDE + 3 max-failed-attempts

    AAA-server GANYMEDE + deadtime 10

    RADIUS Protocol RADIUS AAA server

    AAA-server RADIUS 3 max-failed-attempts

    AAA-RADIUS deadtime 10 Server

    AAA-server local LOCAL Protocol

    disable proxy-limit AAA

    Enable http server

    http 192.168.1.0 255.255.255.0 inside

    No snmp Server contact

    SNMP-server community

    No trap to activate snmp Server

    enable floodguard

    Permitted connection ipsec sysopt

    No.-xauth No.-config-mode

    part of pre authentication ISAKMP policy 20

    encryption of ISAKMP policy 20

    ISAKMP policy 20 md5 hash

    20 2 ISAKMP policy group

    ISAKMP duration strategy of life 20 86400

    Telnet timeout 5

    SSH timeout 5

    Console timeout 0

    dhcpd address 192.168.1.2 - 192.168.1.254 inside

    dhcpd dns 206.165.6.11 209.130.136.2

    dhcpd lease 3600

    dhcpd ping_timeout 750

    dhcpd outside auto_config

    dhcpd allow inside

    Terminal width 80

    Cryptochecksum:xxxx

    : end

    access-list inside_access_in permit ip any any

    That's my guess.

    I'm a GUI guy, never use the CLI. Good luck

  • Twice NAT on site-to-site tunnel with the same private networks.

    Hello

    Currently, I am trying to configure a site-to-site tunnel between an IOS router and an ASA 5505 running 9.1.

    When the IOS router's private subnet was 10.0.0.0/24 and the ASA's private subnet was 172.16.1.0/24, it connected properly.

    I'm now setting it up so that both private networks are 10.0.0.0/24. I created network objects, edited the ACL for interesting traffic and created the twice NAT rule, but the tunnel is not coming up. I was hoping someone could shed some light on where I'm going wrong.

    There is an IOS router (R1) and an ASA (F2). Between them is a router acting as the Internet, which is just set up to allow both sides to reach their WAN.

    R1 and F2 both have a private network (10.0.0.0/24), and these need to communicate. Twice NAT can be done on the ASA to allow this, but I must be doing something wrong. The way I understand it, R1 should see traffic coming from 10.51.0.0/24 and send traffic to it. The ASA will take this traffic, and the inside network should see it coming in as 10.50.0.0/24. So F2's private network communicates with 10.50.0.0/24, and R1's private network sends traffic to 10.51.0.0/24.

    I turned on "debug crypto ipsec" and "debug crypto isakmp", but no output appears or gives any indication that it is trying to establish anything.

    Any help would be greatly appreciated! Thank you!

    R1#show run

    version 12.4

    hostname R1

    crypto isakmp policy 50
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp key cisco address 10.2.0.254

    crypto ipsec transform-set L2L_SET esp-3des esp-sha-hmac

    crypto map CRYPTO 50 ipsec-isakmp
     set peer 10.2.0.254
     set transform-set L2L_SET
     match address CRYPTO

    interface FastEthernet0/0
     ip address 10.0.0.253 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     ip ospf authentication message-digest
     ip ospf authentication-key cisco
     duplex auto
     speed auto

    interface FastEthernet0/1
     ip address 10.1.0.254 255.255.255.0
     ip nat outside
     ip virtual-reassembly
     ip ospf authentication message-digest
     ip ospf authentication-key cisco
     duplex auto
     speed auto
     crypto map CRYPTO

    ip classless
    ip route 0.0.0.0 0.0.0.0 10.1.0.253
    ip route 10.2.0.0 255.255.255.0 10.1.0.253
    !
    !
    ip http server
    no ip http secure-server
    ip nat inside source list SHEEP interface FastEthernet0/1 overload
    !
    ip access-list extended CRYPTO
     permit ip 10.0.0.0 0.0.0.255 10.51.0.0 0.0.0.255
    ip access-list extended SHEEP
     deny ip 10.0.0.0 0.0.0.255 10.51.0.0 0.0.0.255
     permit ip any any

    =========================================================================

    F2# show run
    : Saved
    :
    ASA Version 9.1(1)
    !
    hostname F2
    enable password 3a57ZsZ4Kgc.ZsL0 encrypted
    passwd 3a57ZsZ4Kgc.ZsL0 encrypted
    names

    interface Vlan1
     nameif inside
     security-level 100
     ip address 10.0.0.254 255.255.255.0
    !
    interface Vlan2
     nameif outside
     security-level 0
     ip address 10.2.0.254 255.255.255.0

    object network PRIVATE
     subnet 10.0.0.0 255.255.255.0

    object network PARTNER_PRIVATE
     subnet 10.0.0.0 255.255.255.0
    object network PARTNER_VPN_INBOUND
     subnet 10.50.0.0 255.255.255.0
    object network PARTNER_VPN_OUTBOUND
     subnet 10.51.0.0 255.255.255.0

    access-list OUTSIDE_IN extended permit ip any any
    access-list CRYPTO extended permit ip 10.0.0.0 255.255.255.0 10.50.0.0 255.255.255.0

    nat (inside,outside) source static PRIVATE PARTNER_VPN_OUTBOUND destination static PARTNER_PRIVATE PARTNER_VPN_INBOUND
    !
    object network PRIVATE
     nat (inside,outside) dynamic interface
    access-group OUTSIDE_IN in interface outside
    route outside 0.0.0.0 0.0.0.0 10.2.0.253 1
    route outside 10.1.0.0 255.255.255.0 10.2.0.253 1
    aaa authentication ssh console LOCAL

    crypto ipsec ikev1 transform-set L2L_SET esp-3des esp-sha-hmac
    crypto ipsec security-association pmtu-aging infinite
    crypto map L2L_MAP 50 match address CRYPTO
    crypto map L2L_MAP 50 set peer 10.1.0.254
    crypto map L2L_MAP 50 set ikev1 transform-set L2L_SET
    crypto map L2L_MAP interface outside
    crypto ca trustpool policy
    crypto ikev1 enable outside
    crypto ikev1 policy 50
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400

    tunnel-group 10.1.0.254 type ipsec-l2l
    tunnel-group 10.1.0.254 ipsec-attributes
     ikev1 pre-shared-key *.

    object network PRIVATE
    subnet 10.0.0.0 255.255.255.0

    object network PARTNER_PRIVATE
    subnet 10.0.0.0 255.255.255.0
    object network PARTNER_VPN_INBOUND
    subnet 10.50.0.0 255.255.255.0
    object network PARTNER_VPN_OUTBOUND
    subnet 10.51.0.0 255.255.255.0

    access-list OUTSIDE_IN extended permit ip any any
    access-list CRYPTO extended permit ip 10.0.0.0 255.255.255.0 10.50.0.0 255.255.255.0

    nat (inside,outside) source static PRIVATE PARTNER_VPN_OUTBOUND destination static PARTNER_PRIVATE PARTNER_VPN_INBOUND

    Here in the nat rule you use the subnet PARTNER_PRIVATE, which is the same as the local one, so the devices never send this traffic to the ASA, because they know that this subnet (10.0.0.0/24) is their local subnet. Therefore, you must write the nat rule in this way (i.e. swap the places of the network objects):

    nat (inside,outside) source static PRIVATE PARTNER_VPN_OUTBOUND destination static PARTNER_VPN_INBOUND PARTNER_PRIVATE

    So the hosts on the subnet behind the ASA will see the hosts on the subnet behind IOS as 10.50.0.0/24, and to reach the subnet behind IOS you must use the 10.50.0.x addresses, which correspond one-to-one to its 10.0.0.x addresses.

    In addition, your proxy ACL on the ASA must use post-NAT addresses, which should look like this:

    access-list CRYPTO extended permit ip 10.51.0.0 255.255.255.0 10.0.0.0 255.255.255.0

  • FlexVPN and OSPF question

    I have a problem with OSPF routing on routers configured in a hub-and-spoke topology.

    The issue is with routes that OSPF doesn't advertise from the hub to the spokes.

    Subnets created on the hub router are not seen on the spokes, but a newly added subnet on a spoke appears in the hub's routing table.

    Adding the ip ospf network broadcast command on the hub's virtual-template interface causes the OSPF adjacency to go down.

    Also, EIGRP works very well.

    Has anyone experienced this problem with OSPF?

    Please look at the configs below:

    -----------------------HUB-------------------------------

    IKEv2 crypto by default authorization policy

    Road enabled interface

    !

    Crypto ikev2 proposal ikev2_prop

    encryption aes-cbc-256

    integrity sha512

    Group 16

    !

    IKEv2 crypto policy ikev2_policy

    proposal ikev2_prop

    !

    Crypto ikev2 keyring Flex_key

    Rays peer

    address 192.168.50.197

    pre-shared key local 12345

    pre-shared key remote 12345

    !

    peer RTB

    address 192.168.50.199

    pre-shared key local 12345

    pre-shared key remote 12345

    !

    Profile of ikev2 crypto Flex_IKEv2

    match one address remote identity 192.168.50.197 255.255.255.255

    match one address remote identity 192.168.50.199 255.255.255.255

    sharing front of remote authentication

    sharing of local meadow of authentication

    local Flex_key keychain

    virtual-model 1

    !

    no default isakmp crypto policy

    !

    Crypto ipsec transform-set esp - aes 256 esp-sha512-hmac ipsec_trans

    tunnel mode

    !

    by default the crypto ipsec profile

    Set transform-set ipsec_trans

    Flex_IKEv2 Set ikev2-profile

    !

    interface Loopback1

    address 172.16.10.1 IP 255.255.255.0

    IP ospf 10 area 0

    !

    interface Loopback10

    10.1.1.1 IP address 255.255.255.0

    IP ospf 10 area 0

    !

    interface Loopback50

    IP 50.1.1.1 255.255.255.0

    IP 10 50 ospf area

    !

    the Embedded-Service-Engine0/0 interface

    no ip address

    !

    interface GigabitEthernet0/1

    bandwidth 100000

    IP 192.168.50.198 255.255.255.0

    automatic duplex

    automatic speed

    !

    type of interface virtual-Template1 tunnel

    IP unnumbered Loopback1

    IP 1400 MTU

    IP tcp adjust-mss 1360

    source of tunnel GigabitEthernet0/1

    ipv4 ipsec tunnel mode

    tunnel path-mtu-discovery

    tunnel protection ipsec default profile

    !

    router ospf 10

    redistribute connected subnets

    Network 10.1.1.0 0.0.0.255 area 0

    SH cryp ike his

    IPv4 Crypto IKEv2 SA

    Tunnel-id Local Remote fvrf/ivrf status

    1 192.168.50.198/500 192.168.50.197/500 no/no LOAN

    BA: AES - CBC, keysize: 256, Hash: SHA512, DH Grp:16, Auth sign: PSK, Auth check: PSK

    Duration of life/active: 86400/77565 sec

    Tunnel-id Local Remote fvrf/ivrf status

    2 192.168.50.198/500 192.168.50.199/500 no/no LOAN

    BA: AES - CBC, keysize: 256, Hash: SHA512, DH Grp:16, Auth sign: PSK, Auth check: PSK

    Duration of life/active: 86400/77542 sec

    IPv6 Crypto IKEv2 SA

    SH ip rou

    S * 0.0.0.0/0 [1/0] via 192.168.50.1

    10.0.0.0/8 is variably divided into subnets, 2 subnets, 2 masks

    C 10.1.1.0/24 is directly connected, Loopback10

    L 10.1.1.1/32 is directly connected, Loopback10

    50.0.0.0/8 is variably divided into subnets, 2 subnets, 2 masks

    C 50.1.1.0/24 is directly connected, Loopback50

    L 50.1.1.1/32 is directly connected, Loopback50

    100.0.0.0/32 is divided into subnets, subnets 1

    AI 100.1.1.1 [110/2] via 172.16.10.254, 21:32:58, Virtual Network1

    172.16.0.0/16 is variably divided into subnets, 2 subnets, 2 masks

    172.16.10.0/24 C is directly connected, Loopback1

    L 172.16.10.1/32 is directly connected, Loopback1

    192.168.50.0/24 is variably divided into subnets, 2 subnets, 2 masks

    C 192.168.50.0/24 is directly connected, GigabitEthernet0/1

    The 192.168.50.198/32 is directly connected, GigabitEthernet0/1

    200.1.1.0/32 is divided into subnets, subnets 1

    AI 200.1.1.1 [110/2] via 172.16.10.253, 21:32:38, Access2-virtual

    201.1.1.0/32 is divided into subnets, subnets 1

    AI 201.1.1.1 [110/2] via 172.16.10.253, 21:32:38, Access2-virtual

    220.1.1.0/32 is divided into subnets, subnets 1

    AI 220.1.1.1 [110/2] via 172.16.10.253, 00:06:11, Access2-virtual

    ---------------------------SPOKE---------------------------------------------

    Crypto ikev2 proposal ikev2_prop

    encryption aes-cbc-256

    integrity sha512

    Group 16

    !

    IKEv2 crypto policy ikev2_policy

    proposal ikev2_prop

    !

    Crypto ikev2 keyring Flex_key

    Rays peer

    address 192.168.50.198

    pre-shared key local 12345

    pre-shared key remote 12345

    !

    Profile of ikev2 crypto Flex_IKEv2

    match one address remote identity 192.168.50.198 255.255.255.0

    sharing front of remote authentication

    sharing of local meadow of authentication

    local Flex_key keychain

    virtual-model 1

    !

    no default isakmp crypto policy

    !

    !

    Crypto ipsec transform-set esp - aes 256 esp-sha512-hmac ipsec_trans

    tunnel mode

    !

    by default the crypto ipsec profile

    Set transform-set ipsec_trans

    Flex_IKEv2 Set ikev2-profile

    !

    interface Loopback200

    200.1.1.1 IP address 255.255.255.0

    IP ospf 10 200 area

    !

    interface Loopback201

    IP 201.1.1.1 255.255.255.0

    IP ospf 10 201 area

    !

    interface Loopback220

    IP 220.1.1.1 255.255.255.0

    IP ospf 10 220 area

    !

    Tunnel1 interface

    IP 172.16.10.253 255.255.255.0

    IP 1400 MTU

    IP tcp adjust-mss 1360

    source of tunnel GigabitEthernet0/1

    ipv4 ipsec tunnel mode

    tunnel destination 192.168.50.198

    tunnel path-mtu-discovery

    tunnel protection ipsec shared default profile

    !

    interface GigabitEthernet0/1

    IP 192.168.50.199 255.255.255.0

    automatic duplex

    automatic speed

    !

    router ospf 10

    network 172.16.10.0 0.0.0.255 area 0

    SH cryp ike his

    IPv4 Crypto IKEv2 SA

    Tunnel-id Local Remote fvrf/ivrf status

    1 192.168.50.199/500 192.168.50.198/500 no/no LOAN

    BA: AES - CBC, keysize: 256, Hash: SHA512, DH Grp:16, Auth sign: PSK, Auth check: PSK

    Duration of life/active: 77852/86400 sec

    IPv6 Crypto IKEv2 SA

    SH ip route

    S * 0.0.0.0/0 [1/0] via 192.168.50.1

    172.16.0.0/16 is variably divided into subnets, 2 subnets, 2 masks

    172.16.10.0/24 C is directly connected, Tunnel1

    L 172.16.10.253/32 is directly connected, Tunnel1

    192.168.50.0/24 is variably divided into subnets, 2 subnets, 2 masks

    C 192.168.50.0/24 is directly connected, GigabitEthernet0/1

    The 192.168.50.199/32 is directly connected, GigabitEthernet0/1

    200.1.1.0/24 is variably divided into subnets, 2 subnets, 2 masks

    C 200.1.1.0/24 is directly connected, Loopback200

    L 200.1.1.1/32 is directly connected, Loopback200

    201.1.1.0/24 is variably divided into subnets, 2 subnets, 2 masks

    C 201.1.1.0/24 is directly connected, Loopback201

    L 201.1.1.1/32 is directly connected, Loopback201

    220.1.1.0/24 is variably divided into subnets, 2 subnets, 2 masks

    C 220.1.1.0/24 is directly connected, Loopback220

    L 220.1.1.1/32 is directly connected, Loopback220

    SH ip ospf database ro 172.16.10.1

    Router OSPF with ID (200.1.1.1) (the process ID of 10)

    Router link States (zone 0)

    ADV router is accessible via is not in the Base with MTID topology 0

    LS age: 336

    Options: (no TOS-capability, DC)

    LS type: Router links

    Link state ID: 172.16.10.1

    Advertising router: 172.16.10.1

    LS number of Seq: 80000065

    Checksum: 0x4B6E

    Length: 60

    Area border router

    ROUTER limits

    Number of links: 3

    Link to: a Stub network

    (Link ID) Network/subnet number: 10.1.1.1

    (Data link) Network mask: 255.255.255.255

    Number of parameters MTID: 0

    TOS 0 metric: 1

    Link to: another router (point to point)

    (Link ID) Neighbors router ID: 100.1.1.1

    (Data link) Address of the router Interface: 0.0.0.18

    Number of parameters MTID: 0

    TOS 0 metric: 1

    Link to: another router (point to point)

    (Link ID) The router ID neighbors: 200.1.1.1

    (Data link) Address of the router Interface: 0.0.0.17

    Number of parameters MTID: 0

    TOS 0 metric: 1

    Kamil,

    A tunnel in this deployment (and VT/VA also) is a point-to-point interface; there is really no good reason to keep anything other than /32 (I might not be aware of some subtleties in more complex deployments).

    'route set interface' is your greatest friend ;-)

    M.

  • CISCO 3750: OSPF interface IP unnumbered

    Hi Expert,

    This is the first time that I'm working on OSPF and IP unnumbered interfaces.

    My task is to bring up OSPF adjacencies between two CISCO 3750 switches connected back-to-back via IP unnumbered interfaces. I use the loopback interface to borrow the IP addresses for the unnumbered interfaces on both CISCO switches. After trying many times, OSPF does not come up at all over the unnumbered interfaces, but when tried with numbered interfaces it was fine.

    I'm pasting the complete running-config here. Please help me to solve the problem:

    Here is the brief setup info:

    R1(Gi1/0/19) - R2(Gi1/0/19)

    Switch R1:

    ===========

    Current configuration: 2129 bytes

    !

    version 12.2

    no service button

    horodateurs service debug datetime msec

    Log service timestamps datetime msec

    no password encryption service

    !

    Switch host name

    !

    boot-start-marker

    boot-end-marker

    !

    !

    No aaa new-model

    1 supply ws-c3750g-24ts-1u switch

    mtu 1500 routing system

    IP subnet zero

    IP routing

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    pvst spanning-tree mode

    spanning tree extend id-system

    !

    internal allocation policy of VLAN ascendant

    !

    !

    !

    !

    interface Loopback1

    IP 10.10.10.10 address 255.255.255.0

    !

    GigabitEthernet1/0/1 interface

    Shutdown

    !

    interface GigabitEthernet1/0/2

    Shutdown

    !

    interface GigabitEthernet1/0/3

    Shutdown

    !

    interface GigabitEthernet1/0/4

    Shutdown

    !

    interface GigabitEthernet1/0/5

    Shutdown

    !

    interface GigabitEthernet1/0/6

    Shutdown

    !

    interface GigabitEthernet1/0/7

    Shutdown

    !

    interface GigabitEthernet1/0/8

    Shutdown

    !

    interface GigabitEthernet1/0/9

    Shutdown

    !

    interface GigabitEthernet1/0/10

    Shutdown

    !

    interface GigabitEthernet1/0/11

    Shutdown

    !

    interface GigabitEthernet1/0/12

    Shutdown

    !

    interface GigabitEthernet1/0/13

    Shutdown

    !

    interface GigabitEthernet1/0/14

    Shutdown

    !

    interface GigabitEthernet1/0/15

    Shutdown

    !

    interface GigabitEthernet1/0/16

    Shutdown

    !

    interface GigabitEthernet1/0/17

    !

    interface GigabitEthernet1/0/18

    Shutdown

    !

    interface GigabitEthernet1/0/19

    No switchport

    IP unnumbered Loopback1

    IP ospf network point

    !

    interface GigabitEthernet1/0/20

    Shutdown

    !

    interface GigabitEthernet1/0/21

    Shutdown

    !

    interface GigabitEthernet1/0/22

    Shutdown

    !

    interface GigabitEthernet1/0/23

    Shutdown

    !

    interface GigabitEthernet1/0/24

    Shutdown

    !

    interface GigabitEthernet1/0/25

    !

    interface GigabitEthernet1/0/26

    !

    interface GigabitEthernet1/0/27

    !

    interface GigabitEthernet1/0/28

    !

    interface Vlan1

    no ip address

    Shutdown

    !

    router ospf 100

    router ID - 100.100.100.100

    Log-adjacency-changes

    Network 10.10.10.0 0.0.0.255 area 0

    !

    IP classless

    IP route 20.20.20.20 255.255.255.255 GigabitEthernet1/0/19

    IP http server

    IP http secure server

    !

    !

    !

    control plan

    !

    !

    Line con 0

    line vty 5 15

    !

    !

    control the source session interface 1 item in gi1/0/19

    control interface of destination session 1 item in gi1/0/17

    end

    ===

    The #show switch ip interface brief | include the

    The #show switch ip interface brief | include the

    GigabitEthernet1/0/17 no undefined upward down YES

    GigabitEthernet1/0/19 10.10.10.10 YES manual up up

    Loopback1 10.10.10.10 YES manual up up

    ==================================================

    Switch R2:

    ==================

    Switch #sho run

    Switch #sho running-config

    Building configuration...

    Current configuration: 2079 bytes

    !

    version 12.2

    no service button

    horodateurs service debug datetime msec

    Log service timestamps datetime msec

    no password encryption service

    !

    Switch host name

    !

    boot-start-marker

    boot-end-marker

    !

    !

    !

    !

    No aaa new-model

    switch 1 supply ws-c3750g-24 t

    mtu 1500 routing system

    allow authentication mac-move

    IP subnet zero

    IP routing

    !

    !

    !

    !

    !

    !

    !

    !

    pvst spanning-tree mode

    spanning tree etherchannel guard misconfig

    spanning tree extend id-system

    !

    internal allocation policy of VLAN ascendant

    !

    !

    !

    !

    interface Loopback1

    IP 20.20.20.20 255.255.255.0

    !

    GigabitEthernet1/0/1 interface

    Shutdown

    !

    interface GigabitEthernet1/0/2

    Shutdown

    !

    interface GigabitEthernet1/0/3

    Shutdown

    !

    interface GigabitEthernet1/0/4

    Shutdown

    !

    interface GigabitEthernet1/0/5

    Shutdown

    !

    interface GigabitEthernet1/0/6

    Shutdown

    !

    interface GigabitEthernet1/0/7

    Shutdown

    !

    interface GigabitEthernet1/0/8

    Shutdown

    !

    interface GigabitEthernet1/0/9

    Shutdown

    !

    interface GigabitEthernet1/0/10

    Shutdown

    !

    interface GigabitEthernet1/0/11

    Shutdown

    !

    interface GigabitEthernet1/0/12

    Shutdown

    !

    interface GigabitEthernet1/0/13

    Shutdown

    !

    interface GigabitEthernet1/0/14

    Shutdown

    !

    interface GigabitEthernet1/0/15

    Shutdown

    !

    interface GigabitEthernet1/0/16

    Shutdown

    !

    interface GigabitEthernet1/0/17

    !

    interface GigabitEthernet1/0/18

    Shutdown

    !

    interface GigabitEthernet1/0/19

    No switchport

    IP unnumbered Loopback1

    IP ospf network point

    !

    interface GigabitEthernet1/0/20

    Shutdown

    !

    interface GigabitEthernet1/0/21

    Shutdown

    !

    interface GigabitEthernet1/0/22

    Shutdown

    !

    interface GigabitEthernet1/0/23

    Shutdown

    !

    interface GigabitEthernet1/0/24

    Shutdown

    !

    interface Vlan1

    no ip address

    Shutdown

    !

    router ospf 100

    router ID - 200.200.200.200

    Log-adjacency-changes

    network 20.20.20.0 0.0.0.255 area 0

    !

    IP classless

    Route IP 10.10.10.10 255.255.255.255 GigabitEthernet1/0/19

    IP http server

    IP http secure server

    !

    !

    activate the IP sla response alerts

    !

    !

    !

    Line con 0

    line vty 5 15

    !

    !

    control the source session interface 1 item in gi1/0/19

    control interface of destination session 1 item in gi1/0/17

    end

    ====================

    The #sho switch ip interface brief | include the

    GigabitEthernet1/0/17 no undefined upward down YES

    20.20.20.20 GigabitEthernet1/0/19 YES manual up up

    Loopback1 20.20.20.20 YES manual up up

    ====================================

    Thank you very much in advance for your answer!

    Kind regards

    Aerts

    Hi AEK.

    The ip unnumbered command does not work on multiaccess interfaces such as Ethernet (even when you set it up as OSPF point-to-point):

    Understanding and Configuring the ip unnumbered Command

    Cisco IOS IP Addressing Services Command Reference #ip unnumbered

    HTH

    Rolf

    [EDIT]:

    ... apparently, with the exception of high-end platforms such as the 6k:

    Command History

    (...)

    12.2(18)SXF: This command was modified to support physical Ethernet interfaces and switched virtual interfaces (SVIs).

  • Phone verification (two-factor authentication) on Sierra is not available in Bangladesh

    I upgraded from El Capitan to macOS Sierra today. But when I tried to set up phone verification or two-factor authentication, my country (Bangladesh) was not listed there. I was wondering why this service is not available here in Bangladesh? Please give me a solution for these phone-based services.

    If it is not supported in your country, then I'm afraid you're out of luck. As to why, you would have to ask Apple at https://getsupport.apple.com/ instead; we are only users in these Community Forums.

  • Two-factor authentication

    On my iMac, after Sierra, there was an option to unlock with Apple Watch (Security preferences pane). I clicked it and it said I need to disable two-step verification and enable two-factor authentication. Fine.

    Did. Now the option to activate Apple Watch unlock on the Mac has disappeared.

    It works on my other Mac but not the iMac.

    Also, in the iCloud account preferences, under Devices, I see that my Apple Watch can be used to receive the codes!

    Does anyone know how to fix this?

    Tried turning iCloud off and on, unpairing and re-pairing the watch, and restarting everything.

    Just to be clear, the Mac is capable of auto unlock; it's a Late 2015 iMac and System Report confirms it is compatible.

    The Apple support page also suggests watches should be able to receive the codes:

  • Can I choose my preferred trusted device for iCloud two-factor authentication?

    I've recently set up iCloud two-factor authentication, because I love the extra security it adds.

    I usually have my MacBook on me, but I also have to log on from a Windows PC every now and then.

    Unfortunately, iCloud chooses my headless Mac mini, which I use as a server at home, instead of my laptop or iPhone.

    I would like to stop receiving the confirmation code on this machine. Has anyone faced a similar problem?

    If so, how did you solve it?

    Codes go to all trusted devices.

    Of course, you can remove trusted devices at any time.

  • When trying to set up two-step authentication, my location appears as the wrong place

    Hi, I'm trying to set up two-step authentication on all my devices. However, when I do this I get a message on another device signed in to iCloud saying that another device is trying to sign in to iCloud, displaying a location near London, but I don't live in London.

    Could someone help?

    I'm having the same problem! I have the two devices in front of me, but get the message saying that another device is trying to log on in London. I also don't live anywhere near London. I recently updated my email ID as well, and it's the old email ID that requires authentication?

    Sorry I cannot help, but I'm hoping someone else has an answer for us.

  • Zambia - two-factor authentication

    I wanted to set up two-factor authentication for my iCloud access.  Zambia does not appear on the drop-down list of country dialing codes, so I couldn't continue.  Any ideas other than a password?

    I wanted to bring this to the attention of Apple Support, but failed to select my location, as Zambia was not an option under Africa/Middle East.  (I'm sure I did contact Apple Support before...)

    What about two-step verification instead, assuming of course it is available for your country?

  • Check whether or not the MagSafe power adapter is authentic

    Hello! I bought some 60 W MagSafe 2 Power Adapter MD565CH/A, 85 W MagSafe 2 Power Adapter MD506CH/A and 45 W MagSafe 2 Power Adapter MD592CH/A units, but the serial number in each category is the same; for example, there are 10 units of the 60 W and all have the same serial number. I have a doubt whether they are authentic from Apple or not. Kindly help.

    You will need to call Apple for confirmation.
