The process of changing keys is as follows. Suppose the current configuration is:

    interface ethernet 1
    ip ospf message-digest-key 100 md5 OLD

You change the configuration to the following:

    interface ethernet 1
    ip ospf message-digest-key 101 md5 NEW

The system assumes its neighbors do not have the new key yet, so it begins a rollover process. It sends multiple copies of the same packet, each authenticated by different keys. In this example, the system sends out two copies of the same packet: the first one authenticated by key 100 and the second one authenticated by key 101.

Rollover allows neighboring routers to continue communication while the network administrator is updating them with the new key. Rollover stops once the local system finds that all its neighbors know the new key. The system detects that a neighbor has the new key when it receives packets from the neighbor authenticated by the new key.

After all neighbors have been updated with the new key, the old key should be removed. In this example, you would enter the following:

    interface ethernet 1
    no ip ospf message-digest-key 100

Then, only key 101 is used for authentication on Ethernet interface 1.

You should not keep more than one key per interface, as recommended by Cisco. Every time you add a new key, you should remove the old key to prevent the local system from continuing to communicate with a hostile system that knows the old key. Removing the old key also reduces overhead during rollover.

Example: The following example sets a new key 19 with the password 8ry4222:

    interface ethernet 1
    ip ospf message-digest-key 10 md5 xvv560qle
    ip ospf message-digest-key 19 md5 8ry4222

Related Commands: area authentication

ip ospf name-lookup

To configure OSPF to look up Domain Name System (DNS) names for use in all OSPF show EXEC command displays, use the ip ospf name-lookup global configuration command. To disable this feature, use the no form of this command.
The syntax for this command (and the no form) is as follows:

    ip ospf name-lookup
    no ip ospf name-lookup

Syntax Description: This command has no arguments or keywords.
Example: The following example configures OSPF to look up DNS names for use in all OSPF show EXEC command displays:

    ip ospf name-lookup

Sample Display: The following is sample output from the show ip ospf database EXEC command, for example, after you have enabled the DNS name lookup feature:

    Router# show ip ospf database

    OSPF Router with id (160.89.41.1) (Autonomous system 109)

    Router Link States (Area 0.0.0.0)

    Link ID         ADV Router      Age     Seq#         Checksum   Link count
    160.89.41.1     router          381     0x80000003   0x93BB     4
    160.89.34.2     neon            380     0x80000003   0xD5C8     2

    Net Link States (Area 0.0.0.0)

    Link ID         ADV Router      Age     Seq#         Checksum
    160.89.32.1     router          381     0x80000001   0xC117

ip ospf network

To configure the OSPF network type to a type other than the default for a given media, use the ip ospf network interface configuration command. To return to the default value, use the no form of this command.

The syntax for this command (and the no form) is as follows:

    ip ospf network {broadcast | non-broadcast | point-to-multipoint}
    no ip ospf network

Syntax Description:
Default: Depends on the network type.

Command Mode: Interface configuration.

Usage Guidelines: Using this feature, you can configure broadcast networks as nonbroadcast multiaccess networks when, for example, you have routers in your network that do not support multicast addressing. You can also configure nonbroadcast multiaccess networks, such as X.25, Frame Relay, and SMDS, as broadcast networks. This feature saves you from having to configure neighbors.

Configuring nonbroadcast multiaccess networks as either broadcast or nonbroadcast assumes that there are virtual circuits from every router to every router, or a fully meshed network. This is not true for some cases, for example, due to cost constraints or when you have only a partially meshed network. In these cases, you can configure the OSPF network type as a point-to-multipoint network. Routing between two routers that are not directly connected will go through the router that has virtual circuits to both routers. Note that you do not need to configure neighbors when using this feature.

If this command is issued on an interface that does not allow it, it will be ignored.

Example: The following example sets your OSPF network as a broadcast network:

    interface serial 0
    ip address 160.89.77.17 255.255.255.0
    ip ospf network broadcast
    encapsulation frame-relay

Related Commands: neighbor (OSPF)

ip ospf priority

To set the router priority, which helps determine the designated router for this network, use the ip ospf priority interface configuration command. To return to the default value, use the no form of this command.

The syntax for this command (and the no form) is as follows:

    ip ospf priority number
    no ip ospf priority

Syntax Description:
Default: Priority of 1.

Command Mode: Interface configuration.

Usage Guidelines: When two routers attached to a network both attempt to become the designated router, the one with the higher router priority takes precedence. If there is a tie, the router with the higher router ID takes precedence. A router with a router priority set to zero is ineligible to become the designated router (DR) or backup designated router (BDR). Router priority is only configured for interfaces to multiaccess networks (in other words, not point-to-point networks).

This priority value is used when you configure OSPF for nonbroadcast networks using the neighbor router configuration command for OSPF.
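
An audit sketch for the message-digest-key rollover guidance earlier on this page, added here as an example and not Cisco's own tooling: it applies configuration lines in order and reports interfaces that still hold more than one MD5 key, meaning the old key is still accepted. It assumes running-config style indentation under each interface; the function names and the ethernet 2 sample are constructed for illustration.

```python
import re

# Constructed sample: the page's rollover steps applied in order on ethernet 1,
# plus a hypothetical ethernet 2 where the old key was never removed.
SAMPLE_CONFIG = """\
interface ethernet 1
 ip ospf message-digest-key 100 md5 OLD
 ip ospf message-digest-key 101 md5 NEW
 no ip ospf message-digest-key 100
!
interface ethernet 2
 ip ospf message-digest-key 10 md5 xvv560qle
 ip ospf message-digest-key 19 md5 8ry4222
"""

IFACE_RE = re.compile(r"^interface\s+(.+?)\s*$", re.IGNORECASE)
# Only the key ID is captured; the secret itself is never stored or reported.
KEY_RE = re.compile(r"^\s+(no\s+)?ip ospf message-digest-key\s+(\d+)\b", re.IGNORECASE)


def md5_keys_per_interface(config_text):
    """Return {interface: [key IDs still configured]} after applying lines in order."""
    keys, current = {}, None
    for line in config_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, [])
            continue
        if line and not line[0].isspace():
            current = None  # unindented line: left interface configuration mode
            continue
        m = KEY_RE.match(line)
        if m and current is not None:
            key_id = int(m.group(2))
            if m.group(1):  # "no ..." form removes the key
                if key_id in keys[current]:
                    keys[current].remove(key_id)
            elif key_id not in keys[current]:
                keys[current].append(key_id)
    return keys


def interfaces_in_rollover(config_text):
    """Interfaces holding more than one key, i.e. the old key is still accepted."""
    return {i: k for i, k in md5_keys_per_interface(config_text).items() if len(k) > 1}


if __name__ == "__main__":
    for iface, ids in interfaces_in_rollover(SAMPLE_CONFIG).items():
        print(f"{iface}: keys {ids} configured; remove the old key once neighbors use the new one")
```
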