Sunday, July 28, 2013

OSPF Password Rollover


Pic. 1 - Topology Diagram.


Task 1
R1 is configured to run Simple Password Authentication with R3 and R4 in the routing context, as shown in pic. 2:

Pic. 2.

Configure a new password between R1 and R2 on their Fa0/0 link. Use 'CISCO123' as the password and ensure that R1 and R2 do not lose the FULL state.

Questions
Try to answer the following questions:
  1. What is OSPF password rollover?

Task 1

R1 Config:
!
interface FastEthernet0/0
 ip ospf message-digest-key 2 md5 CISCO123
!


Notice!
Once you add another password (key ID 2 here), R1 still uses the first key, since R2 uses the first one too (G33K). During that process, here is the output of R1's OSPF-enabled interface (check out the last four lines):


Pic. 3.


R2 Config:
!
interface FastEthernet0/0
 ip ospf message-digest-key 2 md5 CISCO123
!


After adding the new key/password pair on both routers, here's the OSPF interface output:


Pic. 4.
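
The authentication lines in the interface output (pic. 3 and pic. 4) can be checked by script before the old key is taken off the link. The following is an added example, not part of the original post: the two sample outputs are constructed, modeled on the authentication lines that IOS prints in `show ip ospf interface`, and the function names are hypothetical.

```python
import re

# Constructed samples modeled on the authentication lines of
# `show ip ospf interface` on IOS; not captured from the lab in this post.
DURING_ROLLOVER = """\
FastEthernet0/0 is up, line protocol is up
  Neighbor Count is 1, Adjacent neighbor count is 1
  Message digest authentication enabled
    Youngest key id is 2
    Rollover in progress, 1 neighbor(s) using the old key(s):
      key id 1
"""
AFTER_ROLLOVER = """\
FastEthernet0/0 is up, line protocol is up
  Neighbor Count is 1, Adjacent neighbor count is 1
  Message digest authentication enabled
    Youngest key id is 2
"""

def rollover_state(show_output):
    """Return the MD5 key state parsed from one interface's output."""
    md5 = "Message digest authentication enabled" in show_output
    youngest = re.search(r"Youngest key id is (\d+)", show_output)
    pending = re.search(
        r"Rollover in progress, (\d+) neighbor\(s\) using the old key", show_output)
    old_keys = []
    if pending:
        # Key ids still in use are listed on the lines after the rollover line.
        tail = show_output[pending.end():]
        old_keys = [int(k) for k in re.findall(r"^\s*key id (\d+)\s*$", tail, re.M)]
    return {
        "md5_enabled": md5,
        "youngest_key": int(youngest.group(1)) if youngest else None,
        "neighbors_on_old_key": int(pending.group(1)) if pending else 0,
        "old_keys_in_use": old_keys,
    }

def safe_to_remove_old_key(show_output, new_key_id):
    """True only when the new key is youngest and no neighbor lags behind."""
    s = rollover_state(show_output)
    return (s["md5_enabled"] and s["youngest_key"] == new_key_id
            and s["neighbors_on_old_key"] == 0)

if __name__ == "__main__":
    for name, text in (("during", DURING_ROLLOVER), ("after", AFTER_ROLLOVER)):
        print(name, rollover_state(text), safe_to_remove_old_key(text, 2))
```

The check takes the output of a single interface; run it against every router on the segment before removing the old key from any of them.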

Study Drill

If you add an extra key and password pair while leaving the old one configured, the OSPF neighbor relationship stays intact. Try removing the key and then adding the new key on both R1 and R2. Do not do this too quickly: give it at least 40 seconds (the dead time) to see what happens.