When you enable OSPF authentication on a link and do a "show ip ospf" you get the output below but you can clearly see that authentication has been configured on the interface. If you do a "debug ip ospf packet" you will see that " aut:2 " MD5 is being used.
Note: aut:0 / No authentication | aut:1 / Clear text authentication.
R2#sh ip ospf
<output omitted>
Area has no authentication
interface FastEthernet0/0
ip address 172.16.20.2 255.255.255.128
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 c1sco
ip ospf mtu-ignore
duplex auto
speed auto
end
R2#deb ip ospf packet
OSPF packet debugging is on
R2#
*Jan 1 15:03:30.239: OSPF: rcv. v:2 t:1 l:48 rid:172.16.200.1
aid:0.0.0.3 chk:0 aut:2 keyid:1 seq:0x2B916A81 from FastEthernet0/0
***********
ICMP Router Discovery Protocol (IRDP)
SW3 -
interface FastEthernet0/10
no switchport
ip address 172.16.30.10 255.255.255.128
ip irdp
interface FastEthernet0/0.50
encapsulation dot1Q 50
ip address 172.16.30.3 255.255.255.128
ip irdp
ip irdp multicast
ip irdp maxadvertinterval 20
ip irdp minadvertinterval 20
ip irdp holdtime 60
!
***********
IPv6 Tunneling
R1 -
interface Tunnel15 - To R5
no ip address
ipv6 address FEC0::15:1/112
ipv6 ospf 1 area 0
tunnel source BVI1
tunnel destination 172.16.10.5
tunnel mode ipv6ip (Non-Cisco Proprietary)
interface Tunnel16 - To R6
no ip address
ipv6 address FEC0::16:1/112
ipv6 ospf 1 area 56
tunnel source BVI1
tunnel destination 172.16.10.6
(GRE - Default and Cisco Proprietary)
R5 -
interface Tunnel15 - To R1
no ip address
ipv6 address FEC0::15:5/112
ipv6 ospf 1 area 0
tunnel source FastEthernet0/0.10
tunnel destination 172.16.10.1
tunnel mode ipv6ip (Non-Cisco Proprietary)
R6 -
interface Tunnel16 - To R1
no ip address
ipv6 address FEC0::16:6/112
ipv6 ospf 1 area 56
tunnel source FastEthernet0/0
tunnel destination 172.16.10.1
(GRE - Default and Cisco Proprietary)
***********
SW3#show spanning-tree mst configuration
Name []
Revision 0 Instances configured 3
Instance Vlans mapped
-------- ---------------------------------------------------------------------
0 1-109,131-139,161-4094
1 110-130
2 140-160
-------------------------------------------------------------------------------
SW3(config)#spanning-tree mst 1 priority 24576
SW3#sh spanning-tree mst 1
##### MST1 vlans mapped: 110-130
Bridge address 0013.1a06.6580 priority 24577 (24576 sysid 1)
Root this switch for MST1
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13 Desg FWD 200000 128.13 P2p
Fa0/14 Desg FWD 200000 128.14 P2p
***********
RSPAN -
The link that we are monitoring is a trunk and has numerous VLANs traversing the link. Below you will see we are only interested in the traffic from v120 and v130.
monitor session 1 source interface Fa0/16
monitor session 1 filter vlan 120 , 130
monitor session 1 destination remote vlan 999
sw1#sh monitor session 1
Session 1
---------
Type : Remote Source Session
Source Ports :
Both : Fa0/16
Filter VLANs : 120,130
Dest RSPAN VLAN : 999
What you see configured here in that we are taking the interesting traffic from the trunk and adding all of it to v120 as the sniffer is attached to an access port belonging to v120.
monitor session 1 destination interface Fa0/16 ingress untagged vlan 120
monitor session 1 source remote vlan 999
sw2#sh monitor session 1
Session 1
---------
Type : Remote Destination Session
Source RSPAN VLAN : 999
Destination Ports : Fa0/16
Encapsulation : Native
Ingress : Enabled, default VLAN = 120
Ingress encap : Untagged
No comments:
Post a Comment