Are Cisco IOS and BIRD compatible when using OSPF MD5 authentication?
I have two BIRD devices (bird1 and bird2) and two Cisco devices (cisco1 and cisco2). I have decided to configure OSPF MD5 authentication. Are Cisco IOS and BIRD compatible when using OSPF MD5 authentication?

Config of the Cisco devices:

interface Vlan550
 ip address 10.10.1.3 255.255.255.128
 ip ospf authentication
 ip ospf message-digest-key 1 md5 7 0636092546420B12034347
 ip ospf priority 5

Config of the BIRD devices:

interface "eth1.550" {
    hello 10;
    retransmit 5;
    cost 10;
    transmit delay 1;
    dead count 4;
    wait 40;
    type broadcast;
    priority 0;
    authentication cryptographic;
    password "Prjcsalfr45";
};

Cisco1 and cisco2 have established a neighbour relationship with each other. Bird1 and bird2 have established a neighbour relationship with each other, but CiscoX and birdX have not.

Give examples of configs if any exist.

Vladislav Grishin
Dear Владислав Гришин. You wrote on 12 July 2010, 15:32:39:
> I have two BIRD devices (bird1 and bird2) and two Cisco devices (cisco1 and cisco2).
> I have decided to configure OSPF MD5 authentication.
> Are Cisco IOS and BIRD compatible when using OSPF MD5 authentication?
>
> Config of the Cisco devices:
>
> interface Vlan550
>  ip address 10.10.1.3 255.255.255.128
>  ip ospf authentication
>  ip ospf message-digest-key 1 md5 7 0636092546420B12034347
>  ip ospf priority 5
>
> Config of the BIRD devices:
>
> interface "eth1.550" {
>     hello 10;
>     retransmit 5;
>     cost 10;
>     transmit delay 1;
>     dead count 4;
>     wait 40;
>     type broadcast;
>     priority 0;
>     authentication cryptographic;
>     password "Prjcsalfr45";
> };
>
> Cisco1 and cisco2 have established a neighbour relationship with each other. Bird1 and bird2 have established a neighbour relationship with each other, but CiscoX and birdX have not.
>
> Give examples of configs if any exist.
>
> Vladislav Grishin
You can use a patch to enable bird to work correctly with LLS packages, or you can disable LLS on the Cisco interfaces:

ip ospf lls disable

--
Best regards,
Vitaliy Kolodinsky
BYVK-RIPE
ISP Atlant Telecom
kolodinsky@telecom.by
On Tue, Jul 13, 2010 at 01:48:44PM +0300, Vitaliy Kolodinsky wrote:
> > Cisco1 and cisco2 have established a neighbour relationship with each other. Bird1 and bird2 have established a neighbour relationship with each other, but CiscoX and birdX have not.
> >
> > Give examples of configs if any exist.
> >
> > Vladislav Grishin
>
> You can use a patch to enable bird to work correctly with LLS packages, or you can disable LLS on the Cisco interfaces:
>
> ip ospf lls disable
I think that the problem with LLS is fixed in BIRD version 1.2.2.

--
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
Debug output of the Cisco 3550 after I entered the command 'ip ospf lls disable'.

...
interface Vlan550
 ip address 10.10.1.3 255.255.255.128
 ip ospf authentication
 ip ospf message-digest-key 1 md5 7 15220D080E26292F2E6760
 ip ospf priority 5
 ip ospf lls disable
...

10.10.1.1 and 10.10.1.2 are the IPs of bird.

3550-L3-S1#debug ip ospf events
OSPF events debugging is on
3550-20a-L3-S1#debug ip ospf hello
OSPF hello events debugging is on
3550-20a-L3-S1#
*Mar 16 02:45:55.637: OSPF: Send hello to 224.0.0.5 area 0 on Vlan550 from 10.10.1.3
*Mar 16 02:45:55.637: OSPF: Rcv pkt from 10.10.1.2, Vlan550 : Mismatch Authentication type. Input packet specified type 2, we use type 1
*Mar 16 02:45:56.593: OSPF: end of Wait on interface Vlan550
*Mar 16 02:45:56.593: OSPF: DR/BDR election on Vlan550
*Mar 16 02:45:56.593: OSPF: Elect BDR 10.10.1.3
*Mar 16 02:45:56.593: OSPF: Elect DR 10.10.1.3
*Mar 16 02:45:56.593: OSPF: Elect BDR 0.0.0.0
*Mar 16 02:45:56.593: OSPF: Elect DR 10.10.1.3
*Mar 16 02:45:56.593: DR: 10.10.1.3 (Id) BDR: none
*Mar 16 02:45:57.093: OSPF: No full nbrs to build Net Lsa for interface Vlan550
*Mar 16 02:45:58.049: OSPF: Rcv pkt from 10.10.1.1, Vlan550 : Mismatch Authentication type. Input packet specified type 0, we use type 1
*Mar 16 02:46:04.821: OSPF: Rcv pkt from 10.10.1.2, Vlan550 : Mismatch Authentication type. Input packet specified type 2, we use type 1
*Mar 16 02:46:05.261: OSPF: Send hello to 224.0.0.5 area 0 on Vlan550 from 10.10.1.3
*Mar 16 02:46:08.525: OSPF: Rcv pkt from 10.10.1.1, Vlan550 : Mismatch Authentication type. Input packet specified type 0, we use type 1
*Mar 16 02:46:14.537: OSPF: Send hello to 224.0.0.5 area 0 on Vlan550 from 10.10.1.3
*Mar 16 02:46:15.537: OSPF: Rcv pkt from 10.10.1.2, Vlan550 : Mismatch Authentication type. Input packet specified type 2, we use type 1
*Mar 16 02:46:18.201: OSPF: Rcv pkt from 10.10.1.1, Vlan550 : Mismatch Authentication type. Input packet specified type 0, we use type 1
*Mar 16 02:46:23.745: OSPF: Send hello to 224.0.0.5 area 0 on Vlan550 from 10.10.1.3
3550-20a-L3-S1#

"Specified type 2" is the result of the bird command 'authentication cryptographic'.
"Specified type 0" is the result of the bird command 'authentication none'.

[root@border-t2 ~]# tail -f /var/log/messages
May 15 16:55:03 border-t2 bird: OSPF: Bad packet from 10.10.1.3 - authentification failed
May 15 16:55:05 border-t2 bird: OSPF: Bad packet from 10.10.1.1 - authentification failed
May 15 16:55:13 border-t2 bird: OSPF: Bad packet from 10.10.1.3 - authentification failed
May 15 16:55:15 border-t2 bird: OSPF: Bad packet from 10.10.1.1 - authentification failed
May 15 16:55:22 border-t2 bird: OSPF: Bad packet from 10.10.1.3 - authentification failed
On Tue, Jul 13, 2010 at 04:57:27PM +0400, Владислав Гришин wrote:
> Debug output of the Cisco 3550 after I entered the command 'ip ospf lls disable'.
>
> ...
> interface Vlan550
>  ip address 10.10.1.3 255.255.255.128
>  ip ospf authentication
>  ip ospf message-digest-key 1 md5 7 15220D080E26292F2E6760
>  ip ospf priority 5
>  ip ospf lls disable
> ...
>
> 10.10.1.1 and 10.10.1.2 are the IPs of bird.
>
> 3550-L3-S1#debug ip ospf events
> OSPF events debugging is on
> 3550-20a-L3-S1#debug ip ospf hello
> OSPF hello events debugging is on
> 3550-20a-L3-S1#
> *Mar 16 02:45:55.637: OSPF: Send hello to 224.0.0.5 area 0 on Vlan550 from 10.10.1.3
> *Mar 16 02:45:55.637: OSPF: Rcv pkt from 10.10.1.2, Vlan550 : Mismatch Authentication type. Input packet specified type 2, we use type 1
> *Mar 16 02:45:56.593: OSPF: end of Wait on interface Vlan550
> *Mar 16 02:45:56.593: OSPF: DR/BDR election on Vlan550
> *Mar 16 02:45:56.593: OSPF: Elect BDR 10.10.1.3
> *Mar 16 02:45:56.593: OSPF: Elect DR 10.10.1.3
> *Mar 16 02:45:56.593: OSPF: Elect BDR 0.0.0.0
> *Mar 16 02:45:56.593: OSPF: Elect DR 10.10.1.3
> *Mar 16 02:45:56.593: DR: 10.10.1.3 (Id) BDR: none
> *Mar 16 02:45:57.093: OSPF: No full nbrs to build Net Lsa for interface Vlan550
> *Mar 16 02:45:58.049: OSPF: Rcv pkt from 10.10.1.1, Vlan550 : Mismatch Authentication type. Input packet specified type 0, we use type 1
> *Mar 16 02:46:04.821: OSPF: Rcv pkt from 10.10.1.2, Vlan550 : Mismatch Authentication type. Input packet specified type 2, we use type 1
I don't have much experience with Cisco, but I would guess that you have configured Cisco to use plaintext passwords (type 1) instead of MD5 auth (type 2).

--
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
Yes. The right config for the Cisco:

interface Vlan550
 ip address 10.10.1.3 255.255.255.128
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 15220D080E26292F2E6760
 ip ospf priority 5
!
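The AuType comparison behind the Cisco debug line "Input packet specified type 2, we use type 1", followed by the RFC 2328 MD5 digest check, as an added example that is not part of the original thread and is not BIRD's or Cisco's code. The router ID, packet body, key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

AUTYPE = {0: "null", 1: "simple password", 2: "cryptographic"}
HDR = struct.Struct("!BBH4s4sHH8s")  # 24-byte OSPFv2 header (RFC 2328 A.3.1)


def md5_digest(packet: bytes, key: bytes) -> bytes:
    # RFC 2328 D.4.3: MD5 over the packet followed by the key, zero-padded to 16 bytes.
    return hashlib.md5(packet + key[:16].ljust(16, b"\0")).digest()


def build_packet(router_id: bytes, body: bytes, key: bytes, key_id: int, seq: int) -> bytes:
    """Constructed sender: AuType 2 packet with the digest appended after it."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)  # 0, Key ID, digest length, sequence
    length = HDR.size + len(body)  # the trailing digest is not counted in the length
    packet = HDR.pack(2, 1, length, router_id, b"\0" * 4, 0, 2, auth) + body
    return packet + md5_digest(packet, key)


def check_packet(raw: bytes, local_autype: int, keys: dict) -> str:
    """Receiver-side checks: AuType first, then key ID and digest (replay check omitted)."""
    if len(raw) < HDR.size:
        return "truncated header"
    _ver, _type, length, _rid, _area, _cksum, autype, auth = HDR.unpack_from(raw)
    if autype != local_autype:
        return (f"autype mismatch: packet {autype} ({AUTYPE.get(autype, '?')}), "
                f"local {local_autype} ({AUTYPE.get(local_autype, '?')})")
    if autype != 2:
        return "autype matches; nothing cryptographic to verify"
    _zero, key_id, digest_len, _seq = struct.unpack("!HBBI", auth)
    if key_id not in keys:
        return f"unknown key id {key_id}"
    if digest_len != 16 or length < HDR.size or len(raw) < length + 16:
        return "bad digest length"
    expected = md5_digest(raw[:length], keys[key_id])
    if not hmac.compare_digest(expected, raw[length:length + 16]):
        return "digest mismatch"
    return "ok"


if __name__ == "__main__":
    key = b"constructed-key"  # constructed sample, not the thread's password
    pkt = build_packet(bytes([10, 10, 1, 2]), b"\0" * 20, key, key_id=1, seq=1)
    print(check_packet(pkt, 1, {1: key}))  # the thread's case: sender 2, receiver 1
    print(check_packet(pkt, 2, {1: key}))
    print(check_packet(pkt, 2, {1: b"wrong"}))
```

The first result corresponds to the state before 'ip ospf authentication message-digest' was configured: the packet is rejected on the AuType field alone, before any key or digest is looked at.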
participants (3)
- Ondrej Zajicek
- Vitaliy Kolodinsky
- Владислав Гришин