This topic is to discuss the following lesson:
R1(config)#router ospf 1
R1(config-router)#network 192.168.12.1 255.255.255.0 area 0
- netmask instead of wild card?
Hi Arun,
That’s an error yes, thanks for reporting it. I just fixed it.
Rene
Hello Rene,
It looks like there is also fat finger issue. See below 
R2(config)#router ospf 1
R2(config-router)#network 192.168.12.1 0.0.0.255 area 0That is a typo yes, I’ll fix it. Thanks!
Rene
1 Like
Hello Azat
Yes, that should be 192.168.12.2 and not .1. However, the OSPF process will interpret this as the network address of 192.168.12.0 because of the wildcard mask. If you look at the config after this command, you will indeed see the following:
network 192.168.12.0 0.0.0.255 area 0
But for completeness, I will let Rene know to clarify the command.
I hope this has been helpful!
Laz
Hello Rene,
I really enjoy this contents. And those are really easy to grasp. Also I appreciate your hard work that you put on this.
I have a little question. Can you explain a bit what is actually key chain is . I’m bit confused with the purpose of it. If you don’t mind
Thank you
Sasindu
Hello Sasindu
Great to hear that you find the content helpful! That’s always great to hear. We do our best!
A key chain is simply a data structure that is used within a Cisco router to help manage multiple passwords, which in keychain lingo are called keys. They are also sometimes called shared secrets. These keys are then used to enable secure communication with other devices that also support key-based authentication.
The data structure allows you to create a keychain, and on that keychain, you can create keys with IDs between 0 and 65535. Each key can then be configured with a key-string which is the password itself. Under the configuration of the key, you can add many more parameters such as cryptographic algorithms and lifetime durations.
Features that use key-based authentication include OSPF, EIGRP, BGP, and RIP.
You can find out more info at the following Cisco documentation.
https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-0/security/configuration/guide/sc40crsbook_chapter5.html
I hope this has been helpful!
Laz
HI! Lazaros
Thanks for your reply. it’s helps a lot.
1 Like
Hi Rane , Please help the OSPFv2/ISIS HMAC-SHA-1 or HMAC-SHA-256 configuration for Cisco IOS XRv Series Software, Version 7.1.1.01 Routers. what ever you discussed in the chapter that is Cisco IOS routers .
For Cisco IOS XRv Series this Interface level key chain ip ospf authentication key-chain R1 configuration command is not available. please help on this.
key chain R1
key 1
key-string R1_Password
cryptographic-algorithm HMAC-SHA-256
accept-lifetime 01:01:01 Sep 21 2023 infinite
send-lifetime 01:01:01 Sep 21 2023 infinite
commit
<<<< ip ospf authentication key-chain R1 <<<this config not available in the Cisco IOS XRv Series routers. Please help on this.
R1(Config)#interface gigabitEthernet 0/0/0/2
R1(config-if)#ipv4 ?
access-group Specify access control for packets
address Set the IPv4 address of an interface
bgp Enable BGP policy based feature
directed-broadcast Enable forwarding of directed broadcasts
forwarding-enable enable ipv4 forwarding on a interface
helper-address Specify a destination address for UDP broadcasts
mask-reply Enable sending ICMP mask reply messages
mtu Set IPv4 Maximum Transmission Unit
point-to-point Enable point-to-point handling for this interface.
redirects Enable sending ICMP Redirect messages
tcp-mss-adjust Enable tcp mss adjust for this interface.
ttl-propagate Disable ip ttl propagation for this interface.
unnumbered Enable IPv4 processing without an explicit address
unreachables Enable sending ICMP Unreachable messages
verify Enable per packet validation
Thanks,
Rajasekhar.
Hello Rajasekhar
Looking at some of the Cisco documentation on the subject, I see that the configuration process has changed slightly for IOS XR. The authentication is applied like so:
First, you need to define the key-chain:
key chain R1
key 1
key-string R1_Password
cryptographic-algorithm hmac-sha-256
commit
Then, you need to apply this key-chain to the OSPF area:
router ospf 1
area 0
authentication keychain R1
interface GigabitEthernet0/0/0/2
commit
This authentication command can be applied at the interface or the router ospf configuration mode. More information about the command can be found here:
I hope this has been helpful!
Laz