OSPF authentication
I can't get a PIX 515E to form an adjacency with MSFC2 router using md5 authentication. MSFC2 goes from exstart to complain about too many broadcasts of dbd.
OK, thanks for checking this out. Looks like CSCeb77142 to me. Go ahead and open a TAC case and request that the engineer post the latest 6.3(3) interim release for you. Give that a shot and let me know.
Scott
-
ASR900 - OSPF-4-NOVALIDKEY: No valid authentication send key is available on interface
Hello
I have a few ASR902 running 15.4(3)S1, where I see a lot of the following messages:
225908: Feb 16 13:22:19.850 AST: %OSPF-4-NOVALIDKEY: No valid authentication send key is available on interface BDI960
225909: Feb 16 13:22:36.571 AST: %OSPF-4-INVALIDKEY: Key ID 0 received on interface BDI960
225910: Feb 16 13:23:19.921 AST: %OSPF-4-NOVALIDKEY: No valid authentication send key is available on interface BDI960
225911: Feb 16 13:23:36.751 AST: %OSPF-4-INVALIDKEY: Key ID 0 received on interface BDI960
225912: Feb 16 13:24:20.213 AST: %OSPF-4-NOVALIDKEY: No valid authentication send key is available on interface BDI960
225913: Feb 16 13:24:36.819 AST: %OSPF-4-INVALIDKEY: Key ID 0 received on interface BDI960
225914: Feb 16 13:25:20.304 AST: %OSPF-4-NOVALIDKEY: No valid authentication send key is available on interface BDI960
The configuration applied to the interface is the following:
interface BDI960
 ip address 10.1.1.1 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip mtu 9198
 ip pim sparse-mode
 ip ospf authentication message-digest
 ip ospf authentication-key 7 <>
 ip ospf network point-to-point
 ip ospf dead-interval minimal hello-multiplier 3
 ip ospf 1 area 0
 no mpls ldp igp autoconfig
The OSPF adjacency is in place and everything seems OK. Any idea?
Thank you
Pedro
Hi Pedro,
Is this the actual config on the interface, or did you blank out the key?
ip ospf authentication-key 7 <>
In addition, check that your upstream router is configured to send the right key number. In the example below, the key is 1 and it uses md5 with type 7 encryption.
ip ospf message-digest-key 1 md5 7 xxxxxxxxx
-Mario
P.S. If you look at your error message, it says that the interface has received the wrong key: %OSPF-4-INVALIDKEY: Key ID 0 received on interface BDI960
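The receive-side check behind the INVALIDKEY message discussed in this thread, following RFC 2328 Appendix D, as an added example that is not part of the original posts and not Cisco's code. The function names, the 10.1.1.2 neighbor address and the key strings are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

# OSPFv2 header (24 bytes). With AuType 2 the 64-bit authentication field is:
# zero (16 bits), Key ID (8), Auth Data Len (8), cryptographic sequence number (32).
HDR = struct.Struct("!BBH4s4sHHHBBI")
AUTYPE_CRYPTO = 2
MD5_LEN = 16


def _pad(secret: bytes) -> bytes:
    """The key is used as a fixed 16-byte field: truncate or zero-pad it."""
    return secret[:MD5_LEN].ljust(MD5_LEN, b"\x00")


def build_packet(router_id, key_id, secret, seq, body=b"", pkt_type=1):
    """Sender side: header + body, with MD5(packet || key) appended as a trailer."""
    length = HDR.size + len(body)  # the trailer is not counted in the length field
    header = HDR.pack(
        2, pkt_type, length,
        ipaddress.IPv4Address(router_id).packed,
        ipaddress.IPv4Address("0.0.0.0").packed,  # area 0
        0,                                         # checksum unused with AuType 2
        AUTYPE_CRYPTO, 0, key_id, MD5_LEN, seq,
    )
    packet = header + body
    return packet + hashlib.md5(packet + _pad(secret)).digest()


def verify_packet(packet, rx_keys, last_seq=0):
    """Receiver side. rx_keys maps Key ID -> secret. Returns (accepted, reason)."""
    if len(packet) < HDR.size:
        return False, "shorter than an OSPF header"
    (version, _type, length, _rid, _area, _cksum,
     autype, _zero, key_id, auth_len, seq) = HDR.unpack_from(packet)
    if version != 2:
        return False, f"version {version}, expected 2"
    if autype != AUTYPE_CRYPTO:
        return False, f"AuType {autype}, expected {AUTYPE_CRYPTO}"
    # The key is selected by the Key ID carried in the packet, before any hashing,
    # so a correct secret under the wrong ID is rejected at this step.
    if key_id not in rx_keys:
        return False, f"key ID {key_id} not configured for receive"
    if auth_len != MD5_LEN or length < HDR.size or len(packet) < length + auth_len:
        return False, "digest trailer missing or truncated"
    if seq < last_seq:
        return False, "sequence number went backwards (replay)"
    expected = hashlib.md5(packet[:length] + _pad(rx_keys[key_id])).digest()
    if not hmac.compare_digest(expected, packet[length:length + auth_len]):
        return False, "digest mismatch"
    return True, "ok"


# Constructed receive keys: stands for a router holding "message-digest-key 1".
LOCAL_KEYS = {1: b"lab-key-A"}


def demo():
    """Run four constructed packets from neighbor 10.1.1.2 through the check."""
    cases = {
        "matching key 1": build_packet("10.1.1.2", 1, b"lab-key-A", 100),
        "peer sends key 0": build_packet("10.1.1.2", 0, b"lab-key-A", 101),
        "same id, other secret": build_packet("10.1.1.2", 1, b"lab-key-B", 102),
        "replayed sequence": build_packet("10.1.1.2", 1, b"lab-key-A", 99),
    }
    return {name: verify_packet(pkt, LOCAL_KEYS, last_seq=100)
            for name, pkt in cases.items()}


if __name__ == "__main__":
    for name, (accepted, reason) in demo().items():
        print(f"{name:24s} accepted={accepted} ({reason})")
```

The "peer sends key 0" case is rejected on the Key ID alone even though the secret matches, which is why the key number has to agree on both ends of the link and not just the password.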
-
3000 VPN concentrator using ospf md5 authentication failed
Hi all
I just tested OSPF with a VPN 3005 connected to a Cisco router using OSPF MD5 authentication, but it fails. On the Cisco router, I can see the OSPF neighbor state is "INIT", but I cannot see any neighbor on the VPN 3005. The physical connection is good and ping works between them. I tried the commands "ip ospf authentication message-digest", "ip ospf authentication-key" and "ip ospf message-digest-key" on the router; the password is the same on both sides and the md5 id has been set. But when I use simple authentication or disable authentication, the neighbor relationship comes up. Has anybody met this case before? Thank you!
Best regards
Teru Lei
Hello
This is a known bug, I also met this before: CSCef38044
It is not possible to build an OSPF neighborship using MD5 hash with newer versions of IOS on which the LLS capability is enabled. The LLS capability is enabled somewhere in 12.2T. This behavior can be found on CVPN 4.1.5 and above, including 4.7.
I tested it with several IOS and CVPN OS versions - same result. The symptom: the router's OSPF neighborship remains in the state INIT/DROTHER.
The workaround is to configure on the router:
router ospf 1
 no capability lls
This will solve your problem.
Attila Suba
-
Hi all
I have configured VTI tunnel interfaces (tunnel mode ipsec ipv4) with OSPF running over them.
The VTI encrypts all data traffic. But what about the OSPF traffic?
Is the OSPF traffic encrypted as well, or do I need to configure OSPF authentication?
Thank you
The OSPF exchange is already encrypted inside the tunnel, so you don't have to use OSPF authentication. OSPF uses the tunnel IPs for its communication, and traffic between these two addresses is possible only through the secure tunnel.
-
OSPF md5 on pix515 v6.3
Can someone show me where are the configuration examples showing how the actual ospf md5 key is configured on the pix firewall. (or command that allows this, the only one I can find involves a virtual link)
Hi neil
It must appear under the interface subcommand.
command:
routing interface intf_name
subcommands:
ospf message-digest-key key-id md5 key
ospf authentication-key password
ospf authentication [message-digest | null]
and a lot of other stuff too...
You can view the description of the "routing interface" commands at the following URL:
http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/PIX/pix_sw/v_63/cmdref/Mr.htm#wp1097803
I hope this helps... all the best. Rate response(s), if considered useful...
REDA
-
I need help quick - PIX 515E ver. 6.3(5)
I'm new to this Cisco product and I'm in a jam. I got to get this product operational tomorrow morning.
(Problem :) I've got communications running inside the firewall, and with an access list I can ping the outside world with success; However, if on the inside, behind the firewall, I can't see anything through a web browser. It's as if the traffic does not go through. Please help, what should I do?
Here's a copy of the current configuration:
6.3 (5) PIX version
interface ethernet0 car
Auto interface ethernet1
ethernet0 nameif outside security0
nameif ethernet1 inside the security100
enable password xxxx
passwd xxxx
pixfirewall hostname
domain ciscopix.com
clock timezone IS - 5
clock to summer time EDT recurring
fixup protocol dns-length maximum 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol 2000 skinny
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
object-group service Internet tcp - udp
Description of the group for Internet access
port-object eq echo
port-object eq www
area of port-object eq
interface icmp permit access-list inside_access_in inside the interface outside response to echo
interface icmp permit access-list inside_access_in inside the interface outside time limit
inside_access_in list of permitted access interface icmp inside the outside interface is inaccessible
inside_access_in tcp allowed access list any object-group Internet any newspaper Internet-Group of objects
inside_access_in tcp allowed access list any Internet host 208.50.85.161 object-group newspaper Internet object-group
pager lines 24
ICMP allow any inside
Outside 1500 MTU
Within 1500 MTU
IP address outside the 208.x.x.x.255.255.224
IP address inside 192.168.1.1 255.255.255.0
alarm action IP verification of information
alarm action attack IP audit
no failover
failover timeout 0:00:00
failover poll 15
No IP failover outdoors
No IP failover inside
208.50.x.x.x.255.255 PDM location outdoors
PDM logging 100 information
history of PDM activate
ARP timeout 14400
Global (outside) 10 192.168.1.3 - 192.168.1.254 netmask 255.255.255.0
Global (inside) 1 192.168.1.3 - 192.168.1.254
NAT (inside) 0-list of access inside_outbound_nat0_acl
NAT (inside) 10 0.0.0.0 0.0.0.0 0 0
inside_access_in access to the interface inside group
routing to the outside interface
OSPF authentication null
routing inside interface
OSPF authentication null
Route outside 0.0.0.0 0.0.0.0 208.50.85.161 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225
H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00
Sip timeout - disconnect 0:02:00 prompt Protocol sip-0: 03:00
Timeout, uauth 0:05:00 absolute
GANYMEDE + Protocol Ganymede + AAA-server
AAA-server GANYMEDE + 3 max-failed-attempts
AAA-server GANYMEDE + deadtime 10
RADIUS Protocol RADIUS AAA server
AAA-server RADIUS 3 max-failed-attempts
AAA-RADIUS deadtime 10 Server
AAA-server local LOCAL Protocol
disable proxy-limit AAA
Enable http server
http 192.168.1.0 255.255.255.0 inside
No snmp Server contact
SNMP-server community
No trap to activate snmp Server
enable floodguard
Permitted connection ipsec sysopt
No.-xauth No.-config-mode
part of pre authentication ISAKMP policy 20
encryption of ISAKMP policy 20
ISAKMP policy 20 md5 hash
20 2 ISAKMP policy group
ISAKMP duration strategy of life 20 86400
Telnet timeout 5
SSH timeout 5
Console timeout 0
dhcpd address 192.168.1.2 - 192.168.1.254 inside
dhcpd dns 206.165.6.11 209.130.136.2
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd outside auto_config
dhcpd allow inside
Terminal width 80
Cryptochecksum:xxxx
: end
access-list inside_access_in permit ip any any
That's my guess.
I'm a GUI guy, never use the CLI. Good luck
-
Twice NAT on Site-to-Site tunnel with the same private networks.
Hello
Currently, I am trying to configure a Site-to-Site tunnel between an IOS router and an ASA 5505 running 9.1.
When the private subnet of the IOS router was 10.0.0.0/24 and the private subnet of the ASA was 172.16.1.0/24, it connected properly.
I'm now setting it up so that both private networks are 10.0.0.0/24. I created the network objects, edited the ACL for interesting traffic and created the twice NAT rule, but the tunnel is not coming up. I was hoping someone could shed some light on where I'm going wrong.
There is an IOS router (R1) and an ASA (F2). Between them is a router acting as the Internet, which is just set up to allow both sides to reach their WAN.
The private networks of R1 and F2 (both 10.0.0.0/24) need to communicate. Twice NAT can be done on the ASA to allow this, but I must be doing something wrong. The way I understand it, R1 should see traffic coming from 10.51.0.0/24 and send traffic to it. The ASA will take this traffic, and the inside network should see it coming in as 10.50.0.0/24. So F2's private network communicates with 10.50.0.0/24, and R1's private network sends traffic to 10.51.0.0/24.
I turned on "debug crypto ipsec" and "debug crypto isakmp" but no output appears or gives any indication that it is trying to establish anything.
Any help would be greatly appreciated! Thank you!
R1# show run
version 12.4
hostname R1
crypto isakmp policy 50
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 10.2.0.254
crypto ipsec transform-set L2L_SET esp-3des esp-sha-hmac
crypto map CRYPTO 50 ipsec-isakmp
 set peer 10.2.0.254
 set transform-set L2L_SET
 match address CRYPTO
interface FastEthernet0/0
 ip address 10.0.0.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip ospf authentication message-digest
 ip ospf authentication-key cisco
 duplex auto
 speed auto
interface FastEthernet0/1
 ip address 10.1.0.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 ip ospf authentication message-digest
 ip ospf authentication-key cisco
 duplex auto
 speed auto
 crypto map CRYPTO
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.0.253
ip route 10.2.0.0 255.255.255.0 10.1.0.253
!
!
ip http server
no ip http secure-server
ip nat inside source list SHEEP interface FastEthernet0/1 overload
!
ip access-list extended CRYPTO
 permit ip 10.0.0.0 0.0.0.255 10.51.0.0 0.0.0.255
ip access-list extended SHEEP
 deny ip 10.0.0.0 0.0.0.255 10.51.0.0 0.0.0.255
 permit ip any any
=========================================================================
F2# show running
: Saved
:
ASA Version 9.1(1)
!
hostname F2
enable password 3a57ZsZ4Kgc.ZsL0 encrypted
passwd 3a57ZsZ4Kgc.ZsL0 encrypted
names
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.254 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.2.0.254 255.255.255.0
object network PRIVATE
 subnet 10.0.0.0 255.255.255.0
object network PARTNER_PRIVATE
 subnet 10.0.0.0 255.255.255.0
object network PARTNER_VPN_INBOUND
 subnet 10.50.0.0 255.255.255.0
object network PARTNER_VPN_OUTBOUND
 subnet 10.51.0.0 255.255.255.0
access-list OUTSIDE_IN extended permit ip any any
access-list CRYPTO extended permit ip 10.0.0.0 255.255.255.0 10.50.0.0 255.255.255.0
nat (inside,outside) source static PRIVATE PARTNER_VPN_OUTBOUND destination static PARTNER_PRIVATE PARTNER_VPN_INBOUND
!
object network PRIVATE
 nat (inside,outside) dynamic interface
access-group OUTSIDE_IN in interface outside
route outside 0.0.0.0 0.0.0.0 10.2.0.253 1
route outside 10.1.0.0 255.255.255.0 10.2.0.253 1
aaa authentication ssh console LOCAL
crypto ipsec ikev1 transform-set L2L_SET esp-3des esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto map L2L_MAP 50 match address CRYPTO
crypto map L2L_MAP 50 set peer 10.1.0.254
crypto map L2L_MAP 50 set ikev1 transform-set L2L_SET
crypto map L2L_MAP interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 50
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group 10.1.0.254 type ipsec-l2l
tunnel-group 10.1.0.254 ipsec-attributes
 ikev1 pre-shared-key *
object network PRIVATE
 subnet 10.0.0.0 255.255.255.0
object network PARTNER_PRIVATE
 subnet 10.0.0.0 255.255.255.0
object network PARTNER_VPN_INBOUND
 subnet 10.50.0.0 255.255.255.0
object network PARTNER_VPN_OUTBOUND
 subnet 10.51.0.0 255.255.255.0
access-list OUTSIDE_IN extended permit ip any any
access-list CRYPTO extended permit ip 10.0.0.0 255.255.255.0 10.50.0.0 255.255.255.0
nat (inside,outside) source static PRIVATE PARTNER_VPN_OUTBOUND destination static PARTNER_PRIVATE PARTNER_VPN_INBOUND
Here in the nat rule you use the subnet PARTNER_PRIVATE, which is the same as the local one, so the devices never send this traffic to the ASA, because they know that this subnet (10.0.0.0/24) is their local subnet. Therefore, you must write the nat rule this way (i.e. swap the places of the network objects):
nat (inside,outside) source static PRIVATE PARTNER_VPN_OUTBOUND destination static PARTNER_VPN_INBOUND PARTNER_PRIVATE
So the hosts on the subnet behind the ASA will see the hosts on the subnet behind SRI as 10.50.0.0/24, and to reach the subnet behind SRI you must use the 10.50.0.x addresses, which correspond one-to-one to 10.0.0.x there.
In addition, your proxy-acl on the ASA must use post-nat addresses, which should look like this:
access-list CRYPTO extended permit ip 10.51.0.0 255.255.255.0 10.0.0.0 255.255.255.0
-
I have a problem with OSPF routing on routers configured in a hub-and-spoke topology.
The issue is that OSPF doesn't advertise routes from the hub to the spokes.
Subnets created on the hub router are not seen on the spokes, but a newly added subnet on a spoke appears in the hub's routing table.
Adding the "ip ospf network broadcast" command on the hub's virtual-template interface causes the OSPF adjacency to go down.
Also, EIGRP works very well.
Has anyone experienced this problem with OSPF?
Please look at the config below:
-----------------------HUB-------------------------------
IKEv2 crypto by default authorization policy
Road enabled interface
!
Crypto ikev2 proposal ikev2_prop
encryption aes-cbc-256
integrity sha512
Group 16
!
IKEv2 crypto policy ikev2_policy
proposal ikev2_prop
!
Crypto ikev2 keyring Flex_key
Rays peer
address 192.168.50.197
pre-shared key local 12345
pre-shared key remote 12345
!
peer RTB
address 192.168.50.199
pre-shared key local 12345
pre-shared key remote 12345
!
Profile of ikev2 crypto Flex_IKEv2
match one address remote identity 192.168.50.197 255.255.255.255
match one address remote identity 192.168.50.199 255.255.255.255
sharing front of remote authentication
sharing of local meadow of authentication
local Flex_key keychain
virtual-model 1
!
no default isakmp crypto policy
!
Crypto ipsec transform-set esp - aes 256 esp-sha512-hmac ipsec_trans
tunnel mode
!
by default the crypto ipsec profile
Set transform-set ipsec_trans
Flex_IKEv2 Set ikev2-profile
!
interface Loopback1
address 172.16.10.1 IP 255.255.255.0
IP ospf 10 area 0
!
interface Loopback10
10.1.1.1 IP address 255.255.255.0
IP ospf 10 area 0
!
interface Loopback50
IP 50.1.1.1 255.255.255.0
IP 10 50 ospf area
!
the Embedded-Service-Engine0/0 interface
no ip address
!
interface GigabitEthernet0/1
bandwidth 100000
IP 192.168.50.198 255.255.255.0
automatic duplex
automatic speed
!
type of interface virtual-Template1 tunnel
IP unnumbered Loopback1
IP 1400 MTU
IP tcp adjust-mss 1360
source of tunnel GigabitEthernet0/1
ipv4 ipsec tunnel mode
tunnel path-mtu-discovery
tunnel protection ipsec default profile
!
router ospf 10
redistribute connected subnets
Network 10.1.1.0 0.0.0.255 area 0
SH cryp ike his
IPv4 Crypto IKEv2 SA
Tunnel-id Local Remote fvrf/ivrf status
1 192.168.50.198/500 192.168.50.197/500 no/no LOAN
BA: AES - CBC, keysize: 256, Hash: SHA512, DH Grp:16, Auth sign: PSK, Auth check: PSK
Duration of life/active: 86400/77565 sec
Tunnel-id Local Remote fvrf/ivrf status
2 192.168.50.198/500 192.168.50.199/500 no/no LOAN
BA: AES - CBC, keysize: 256, Hash: SHA512, DH Grp:16, Auth sign: PSK, Auth check: PSK
Duration of life/active: 86400/77542 sec
IPv6 Crypto IKEv2 SA
SH ip rou
S * 0.0.0.0/0 [1/0] via 192.168.50.1
10.0.0.0/8 is variably divided into subnets, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, Loopback10
L 10.1.1.1/32 is directly connected, Loopback10
50.0.0.0/8 is variably divided into subnets, 2 subnets, 2 masks
C 50.1.1.0/24 is directly connected, Loopback50
L 50.1.1.1/32 is directly connected, Loopback50
100.0.0.0/32 is divided into subnets, subnets 1
AI 100.1.1.1 [110/2] via 172.16.10.254, 21:32:58, Virtual Network1
172.16.0.0/16 is variably divided into subnets, 2 subnets, 2 masks
172.16.10.0/24 C is directly connected, Loopback1
L 172.16.10.1/32 is directly connected, Loopback1
192.168.50.0/24 is variably divided into subnets, 2 subnets, 2 masks
C 192.168.50.0/24 is directly connected, GigabitEthernet0/1
The 192.168.50.198/32 is directly connected, GigabitEthernet0/1
200.1.1.0/32 is divided into subnets, subnets 1
AI 200.1.1.1 [110/2] via 172.16.10.253, 21:32:38, Access2-virtual
201.1.1.0/32 is divided into subnets, subnets 1
AI 201.1.1.1 [110/2] via 172.16.10.253, 21:32:38, Access2-virtual
220.1.1.0/32 is divided into subnets, subnets 1
AI 220.1.1.1 [110/2] via 172.16.10.253, 00:06:11, Access2-virtual
---------------------------SPOKE---------------------------------------------
Crypto ikev2 proposal ikev2_prop
encryption aes-cbc-256
integrity sha512
Group 16
!
IKEv2 crypto policy ikev2_policy
proposal ikev2_prop
!
Crypto ikev2 keyring Flex_key
Rays peer
address 192.168.50.198
pre-shared key local 12345
pre-shared key remote 12345
!
Profile of ikev2 crypto Flex_IKEv2
match one address remote identity 192.168.50.198 255.255.255.0
sharing front of remote authentication
sharing of local meadow of authentication
local Flex_key keychain
virtual-model 1
!
no default isakmp crypto policy
!
!
Crypto ipsec transform-set esp - aes 256 esp-sha512-hmac ipsec_trans
tunnel mode
!
by default the crypto ipsec profile
Set transform-set ipsec_trans
Flex_IKEv2 Set ikev2-profile
!
interface Loopback200
200.1.1.1 IP address 255.255.255.0
IP ospf 10 200 area
!
interface Loopback201
IP 201.1.1.1 255.255.255.0
IP ospf 10 201 area
!
interface Loopback220
IP 220.1.1.1 255.255.255.0
IP ospf 10 220 area
!
Tunnel1 interface
IP 172.16.10.253 255.255.255.0
IP 1400 MTU
IP tcp adjust-mss 1360
source of tunnel GigabitEthernet0/1
ipv4 ipsec tunnel mode
tunnel destination 192.168.50.198
tunnel path-mtu-discovery
tunnel protection ipsec shared default profile
!
interface GigabitEthernet0/1
IP 192.168.50.199 255.255.255.0
automatic duplex
automatic speed
!
router ospf 10
network 172.16.10.0 0.0.0.255 area 0
SH cryp ike his
IPv4 Crypto IKEv2 SA
Tunnel-id Local Remote fvrf/ivrf status
1 192.168.50.199/500 192.168.50.198/500 no/no LOAN
BA: AES - CBC, keysize: 256, Hash: SHA512, DH Grp:16, Auth sign: PSK, Auth check: PSK
Duration of life/active: 77852/86400 sec
IPv6 Crypto IKEv2 SA
SH ip route
S * 0.0.0.0/0 [1/0] via 192.168.50.1
172.16.0.0/16 is variably divided into subnets, 2 subnets, 2 masks
172.16.10.0/24 C is directly connected, Tunnel1
L 172.16.10.253/32 is directly connected, Tunnel1
192.168.50.0/24 is variably divided into subnets, 2 subnets, 2 masks
C 192.168.50.0/24 is directly connected, GigabitEthernet0/1
The 192.168.50.199/32 is directly connected, GigabitEthernet0/1
200.1.1.0/24 is variably divided into subnets, 2 subnets, 2 masks
C 200.1.1.0/24 is directly connected, Loopback200
L 200.1.1.1/32 is directly connected, Loopback200
201.1.1.0/24 is variably divided into subnets, 2 subnets, 2 masks
C 201.1.1.0/24 is directly connected, Loopback201
L 201.1.1.1/32 is directly connected, Loopback201
220.1.1.0/24 is variably divided into subnets, 2 subnets, 2 masks
C 220.1.1.0/24 is directly connected, Loopback220
L 220.1.1.1/32 is directly connected, Loopback220
SH ip ospf database ro 172.16.10.1
Router OSPF with ID (200.1.1.1) (the process ID of 10)
Router link States (zone 0)
ADV router is accessible via is not in the Base with MTID topology 0
LS age: 336
Options: (no TOS-capability, DC)
LS type: Router links
Link state ID: 172.16.10.1
Advertising router: 172.16.10.1
LS number of Seq: 80000065
Checksum: 0x4B6E
Length: 60
Area border router
ROUTER limits
Number of links: 3
Link to: a Stub network
(Link ID) Network/subnet number: 10.1.1.1
(Data link) Network mask: 255.255.255.255
Number of parameters MTID: 0
TOS 0 metric: 1
Link to: another router (point to point)
(Link ID) Neighbors router ID: 100.1.1.1
(Data link) Address of the router Interface: 0.0.0.18
Number of parameters MTID: 0
TOS 0 metric: 1
Link to: another router (point to point)
(Link ID) The router ID neighbors: 200.1.1.1
(Data link) Address of the router Interface: 0.0.0.17
Number of parameters MTID: 0
TOS 0 metric: 1
Kamil,
A tunnel in this deployment (and VT/VA also) is a point-to-point interface, there is really no good reason to keep anything other than /32 (I might not be aware of some subtleties in more complex deployments).
'route set interface' is your greatest friend ;-)
M.
-
CISCO 3750: OSPF interface IP unnumbered
Hi Expert,
This is the first time that I'm working with OSPF and IP unnumbered interfaces.
My task is to bring up OSPF adjacencies between two CISCO 3750 switches connected back-to-back by IP unnumbered interfaces. I use the loopback interface to borrow the IP addresses for the unnumbered interfaces on both CISCO switches. After trying so many times, OSPF does not come up at all over the unnumbered interfaces, but when tried with numbered interfaces it was fine.
I'm pasting the complete running-config here. Please help me solve the problem:
Here is brief info on the setup:
R1(Gi1/0/19) - R (article gi1/0/19)
Swicth R1:
===========
Current configuration: 2129 bytes
!
version 12.2
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
Switch host name
!
boot-start-marker
boot-end-marker
!
!
No aaa new-model
1 supply ws-c3750g-24ts-1u switch
mtu 1500 routing system
IP subnet zero
IP routing
!
!
!
!
!
!
!
!
!
!
pvst spanning-tree mode
spanning tree extend id-system
!
internal allocation policy of VLAN ascendant
!
!
!
!
interface Loopback1
IP 10.10.10.10 address 255.255.255.0
!
GigabitEthernet1/0/1 interface
Shutdown
!
interface GigabitEthernet1/0/2
Shutdown
!
interface GigabitEthernet1/0/3
Shutdown
!
interface GigabitEthernet1/0/4
Shutdown
!
interface GigabitEthernet1/0/5
Shutdown
!
interface GigabitEthernet1/0/6
Shutdown
!
interface GigabitEthernet1/0/7
Shutdown
!
interface GigabitEthernet1/0/8
Shutdown
!
interface GigabitEthernet1/0/9
Shutdown
!
interface GigabitEthernet1/0/10
Shutdown
!
interface GigabitEthernet1/0/11
Shutdown
!
interface GigabitEthernet1/0/12
Shutdown
!
interface GigabitEthernet1/0/13
Shutdown
!
interface GigabitEthernet1/0/14
Shutdown
!
interface GigabitEthernet1/0/15
Shutdown
!
interface GigabitEthernet1/0/16
Shutdown
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
Shutdown
!
interface GigabitEthernet1/0/19
No switchport
IP unnumbered Loopback1
IP ospf network point
!
interface GigabitEthernet1/0/20
Shutdown
!
interface GigabitEthernet1/0/21
Shutdown
!
interface GigabitEthernet1/0/22
Shutdown
!
interface GigabitEthernet1/0/23
Shutdown
!
interface GigabitEthernet1/0/24
Shutdown
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
Shutdown
!
router ospf 100
router ID - 100.100.100.100
Log-adjacency-changes
Network 10.10.10.0 0.0.0.255 area 0
!
IP classless
IP route 20.20.20.20 255.255.255.255 GigabitEthernet1/0/19
IP http server
IP http secure server
!
!
!
control plan
!
!
Line con 0
line vty 5 15
!
!
control the source session interface 1 item in gi1/0/19
control interface of destination session 1 item in gi1/0/17
end
===
The #show switch ip interface brief | include the
The #show switch ip interface brief | include the
GigabitEthernet1/0/17 no undefined upward down YES
GigabitEthernet1/0/19 10.10.10.10 YES manual up up
Loopback1 10.10.10.10 YES manual up up
==================================================
Switch R2:
==================
Switch #sho run
Switch #sho running-config
Building configuration...
Current configuration: 2079 bytes
!
version 12.2
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
Switch host name
!
boot-start-marker
boot-end-marker
!
!
!
!
No aaa new-model
switch 1 supply ws-c3750g-24 t
mtu 1500 routing system
allow authentication mac-move
IP subnet zero
IP routing
!
!
!
!
!
!
!
!
pvst spanning-tree mode
spanning tree etherchannel guard misconfig
spanning tree extend id-system
!
internal allocation policy of VLAN ascendant
!
!
!
!
interface Loopback1
IP 20.20.20.20 255.255.255.0
!
GigabitEthernet1/0/1 interface
Shutdown
!
interface GigabitEthernet1/0/2
Shutdown
!
interface GigabitEthernet1/0/3
Shutdown
!
interface GigabitEthernet1/0/4
Shutdown
!
interface GigabitEthernet1/0/5
Shutdown
!
interface GigabitEthernet1/0/6
Shutdown
!
interface GigabitEthernet1/0/7
Shutdown
!
interface GigabitEthernet1/0/8
Shutdown
!
interface GigabitEthernet1/0/9
Shutdown
!
interface GigabitEthernet1/0/10
Shutdown
!
interface GigabitEthernet1/0/11
Shutdown
!
interface GigabitEthernet1/0/12
Shutdown
!
interface GigabitEthernet1/0/13
Shutdown
!
interface GigabitEthernet1/0/14
Shutdown
!
interface GigabitEthernet1/0/15
Shutdown
!
interface GigabitEthernet1/0/16
Shutdown
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
Shutdown
!
interface GigabitEthernet1/0/19
No switchport
IP unnumbered Loopback1
IP ospf network point
!
interface GigabitEthernet1/0/20
Shutdown
!
interface GigabitEthernet1/0/21
Shutdown
!
interface GigabitEthernet1/0/22
Shutdown
!
interface GigabitEthernet1/0/23
Shutdown
!
interface GigabitEthernet1/0/24
Shutdown
!
interface Vlan1
no ip address
Shutdown
!
router ospf 100
router ID - 200.200.200.200
Log-adjacency-changes
network 20.20.20.0 0.0.0.255 area 0
!
IP classless
Route IP 10.10.10.10 255.255.255.255 GigabitEthernet1/0/19
IP http server
IP http secure server
!
!
activate the IP sla response alerts
!
!
!
Line con 0
line vty 5 15
!
!
control the source session interface 1 item in gi1/0/19
control interface of destination session 1 item in gi1/0/17
end
====================
The #sho switch ip interface brief | include the
GigabitEthernet1/0/17 no undefined upward down YES
20.20.20.20 GigabitEthernet1/0/19 YES manual up up
Loopback1 20.20.20.20 YES manual up up
====================================
Thank you very much in advance for your answer!
Kind regards
Aerts
Hi AEK.
the ip unnumbered command does not work on multiaccess interfaces such as Ethernet (even when you set it up as OSPF point-to-point):
Understanding and Configuring the ip unnumbered Command
Cisco IOS IP Addressing Services Command Reference #ip unnumbered
HTH
Rolf
[EDIT]:
... apparently, with the exception of high-end platforms such as the 6k:
Command History
(...)
12.2(18)SXF: This command was modified to support physical Ethernet interfaces and switched virtual interfaces (SVIs).
-
Phone verification (two-factor authentication) on Sierra is not available in Bangladesh
I upgraded to El Capitan in macOS Sierra today. But when I tried to set up two mobile verification or authentication my country (Bangladesh) was not listed there. I was wondering why this service is not available here in Bangladesh? Please give me a solution for telephone based it services.
If it is not supported in your country, then I'm afraid you're out of luck. As to why, you have to ask Apple https://getsupport.apple.com/ instead we support single users in these Community Forums.
-
On my iMac after Sierra was an option to unlock with Apple Watch (security preferences panel). I click it and it says I need to disable the verification of two factor and enable two-factor authentication. Fine.
Did. Now the option to activate Apple Watch unlock on the mac has disappeared.
It works on my other Mac but not the iMac.
Also in the preferences to iCloud account, then on devices, I see that my Apple Watch can be used to receive the codes!
Someone knows how to fix these?
Tried to run iCloud power switch, disconnect the watch and repair, restart everything.
Just to be clear, the Mac is capable of auto unlock, it's an iMac end of 2015 and system report confirms it is compatible.
The apple support page also suggests watches should be able to receive the codes:
-
Can I choose my device of trust preferred to iCloud two-factor authentication?
I've recently implemented Icloud two-factor authentication, because I love the he adds extra security.
As usual, I have my macbook on me, I also have to log on windows pc, every now and then.
Unfortunately, ICloud chooses my headless mac mini which I use as a server at home instead of my laptop or Iphone.
I would like to stop receiving the confirmation on this machine code, everyone was faced with a similar problem?
If so how to solve it?
Codes to go to all the secure devices.
Of course, you can trust features remove at any time.
-
When you try to configure the authentication of two step my location appears as a bad place
Hi, I'm trying to implement the authentication of two floors on all my devices, however when I do this I get a message on another device connected in iCloud saying that another device is trying to connect in icloud to a display location near London, I don't live in London but.
Could someone help?
I'm having the same problem! Having the two devices in front of me, but have the message saying that another device tries to log on to London? I also don't live anywhere near London, I recently updated my email ID well and it's the old e-mail ID that requires authentication?
Sorry I can not help but hoping someone else has an answer us?
-
Zambia - two-factor authentication
I wanted to set up authentication two factor for my access iCloud. Zambia does not appear on the drop-down list numbering country codes, so I couldn't continue. Any ideas in addition to a password?
I've wanted to do this to the attention of Apple support, but fell select my position as Zambia was not an option under the Africa/Middle East. (I'm sure I did contact the Apple Support before...)
What subject of audit in two steps instead, though of course it is available for your country?
-
Check whether or not the magsafe power adapter is authentic
Hello! I bought some 60 W MagSafe 2 Power adapter MD565CH/A, 85 W MagSafe 2 Power adapter MD506CH/A & 45 W MagSafe 2 Power adapter MD592CH/A but the serial number in each category is same for example there are 10 units for 60 W & all have the same serial number. I have a doubt, be they authentic shape Apple or not. Kindly help.
You will need to call Apple for confirmation.