Useful commands

show ip ospf neighbor
debug ip packet
debug ip ospf adj

Neighbor relationships are formed in seven distinct phases:

  1. Down
  2. Attempt (optional)
  3. Init
  4. 2-Way
  5. Exstart
  6. Exchange
  7. Loading
  8. Full

Down

No Hellos have been received on the interface. You would see this when you have OSPF configured but you do not have any neighbors.

Attempt

Attempting to contact the neighbor. You would not normally see this state unless you have statically defined neighbors, in which case it appears whilst the router is attempting to reach its neighbor.

Init

A hello has been received. If a router is stuck in the INIT state then one-way communication means that this

2-Way

Both routers have received a hello. There is a connection between the two routers, but they are not exchanging routes. One reason routers remain in 2-Way is a multi-access network: a router only builds a full adjacency with the DR and the BDR, so all other routers will be seen as stuck in 2-Way.

Exstart

A sequence number is selected so that LSAcks can confirm reliable exchange of the information.

Exchange

DBD packets are sent between the routers.

Loading

LSRs are sent for new routes, LSUs are sent containing requested information, LSAcks are sent confirming receipt of the routes.

Full

Both routers are converged.

Neighbor Authentication

Useful Commands

Plain Text Authentication

Router(config)# int fa0/0
Router(config-if)# ip ospf authentication-key <key>
Router(config-if)# exit
Router(config)# router ospf 1
Router(config-router)# area 0 authentication

MD5 Authentication

Router(config)# int fa0/0
Router(config-if)# ip ospf message-digest-key 1 md5 <key>
Router(config-if)# exit
Router(config)# router ospf 1
Router(config-router)# area 0 authentication message-digest

By default, OSPF authentication is not enabled.

Neighbor authentication is less crucial on a point-to-point link, as there is not really a way for someone to join that routing process. On a multi-access network, however, someone could get a rogue router on to the network and, if there is no authentication, would be able to affect the network. There are two types of OSPF authentication:

  1. Plain Text Authentication.
  2. MD5 Authentication.

There is little point in using plain text authentication, as all the passwords that secure the authentication of the routing process are sent in plain text on the wire (hence the name). MD5 authentication is the more secure of the two, although it is no longer that secure either; the most secure version now is SHA-256, though this is only available in the latest routers. Only MD5 authentication is covered in the exam.
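The difference between the two modes is visible in the OSPFv2 packet header itself. The following is an added example, not part of the original notes: it reads the AuType field defined in RFC 2328 and, when the key is known, verifies the MD5 digest appended to the packet. The function names, the key `labkey01` and the Hello packets are constructed for illustration.

```python
import hashlib, hmac, struct

def build_hello(autype, key, seq=1):
    """Constructed sample: minimal OSPFv2 Hello from router 1.1.1.1 in area 0.
    The header checksum is left at 0; audit() below does not check it."""
    body = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 2, 1, 40,
                       bytes(4), bytes(4))
    if autype == 1:
        auth = key.ljust(8, b"\0")[:8]              # the key itself travels in the header
    elif autype == 2:
        auth = struct.pack("!HBBI", 0, 1, 16, seq)  # key ID 1, 16-byte digest, sequence
    else:
        auth = bytes(8)
    pkt = struct.pack("!BBH4s4sHH", 2, 1, 24 + len(body), bytes([1, 1, 1, 1]),
                      bytes(4), 0, autype) + auth + body
    if autype == 2:                                 # RFC 2328 D.4.3: MD5(packet + padded key)
        pkt += hashlib.md5(pkt + key.ljust(16, b"\0")[:16]).digest()
    return pkt

def audit(pkt, key=None):
    """Classify the authentication used by one captured OSPFv2 packet."""
    if len(pkt) < 24:
        return "malformed"
    ver, _, length, _, _, _, autype = struct.unpack("!BBH4s4sHH", pkt[:16])
    if ver != 2 or not 24 <= length <= len(pkt):
        return "malformed"
    if autype == 0:
        return "unauthenticated"                    # the default: anyone can form an adjacency
    if autype == 1:
        return "plaintext-key-on-wire"              # bytes 16..23 are the password
    if autype != 2:
        return "unknown-autype"
    _, _key_id, dlen, _seq = struct.unpack("!HBBI", pkt[16:24])
    if key is None:
        return "md5-unverified"
    digest = pkt[length:length + dlen]              # digest sits after the stated length
    expect = hashlib.md5(pkt[:length] + key.ljust(16, b"\0")[:16]).digest()
    return "md5-ok" if hmac.compare_digest(digest, expect) else "md5-bad-digest"

if __name__ == "__main__":
    for autype in (0, 1, 2):
        print(autype, audit(build_hello(autype, b"labkey01"), b"labkey01"))
```

With MD5 the key never appears in the packet; only the digest and a sequence number do, so a neighbor that does not hold the key cannot produce a Hello that passes the check.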
