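Two devices need to establish an OSPF neighbor relationship.
Without OSPF authentication configured, the adjacency forms normally; once OSPF authentication is configured on the interfaces, the adjacency can no longer be established.
Device interface configuration: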
interface Ten-GigabitEthernet0/24.1
vlan-type dot1q vid 1
ip address 218.XXX.XXX.XXX 255.255.255.252
ospf cost 10
ospf authentication-mode md5 1 cipher $c$3$sZj2VXsv6dEOdIq4SkeW/NKNQA4=
ospf network-type p2p
ospf 1 router-id 218.205.XXX.XX
silent-interface LoopBack0
area 0.0.0.0
network 218.XXX.XXX.XXX 0.0.0.3
network 218.XXX.XXX.XXX 0.0.0.3
area 0.0.0.1
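Both interfaces are configured with OSPF MD5 authentication and the network segments are advertised in the backbone area, but the neighbor relationship cannot be established.
Check the device debug output and log content: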
*Nov 11 04:52:55:651 2020 ROUTE RM/6/RMDEBUG: OSPF 1: SEND Packet.
*Nov 11 04:52:55:651 2020 ROUTE RM/6/RMDEBUG: Source Address: 218.205.XXX.XXX
*Nov 11 04:52:55:651 2020 ROUTE RM/6/RMDEBUG: Destination Address: XXX.0.0.5
*Nov 11 04:52:55:651 2020 ROUTE RM/6/RMDEBUG: Ver# 2, Type: 1, Length: 44.
*Nov 11 04:52:55:652 2020 ROUTE RM/6/RMDEBUG: Router: XXX.XXX.112.27, Area: 0.0.0.0, Checksum: 45241.
*Nov 11 04:52:55:652 2020 ROUTE RM/6/RMDEBUG: AuType: 00, Key(ascii): 0 0 0 0 0 0 0 0.
*Nov 11 04:52:55:652 2020 ROUTE RM/6/RMDEBUG: Net Mask: 255.255.255.252, Hello Int: 10, Option: _E_.
*Nov 11 04:52:55:652 2020 ROUTE RM/6/RMDEBUG: Rtr Priority: 1, Dead Int: 40, DR: 0.0.0.0, BDR: 0.0.0.0.
#Nov 11 04:53:00:927 2020 ROUTE OSPF/3/IF_AUTH_FAIL: OSPF TrapID1.3.6.1.2.1.14.16.2.6<ospfIfAuthFailure>: Non-virtual interface XXX.XXX.115.130 index 0 Router XXX.XXX.112.27 PacekSrc XXX.XXX.115.129 authentication fail 5 PacketType 1 .
*Nov 11 04:53:01:415 2020 ROUTE RM/6/RMDEBUG: OSPF 1: RECV Packet.
*Nov 11 04:53:01:415 2020 ROUTE RM/6/RMDEBUG: Source Address: XXX.XXX.115.138
*Nov 11 04:53:01:415 2020 ROUTE RM/6/RMDEBUG: Destination Address: XXX0.0.5
*Nov 11 04:53:01:415 2020 ROUTE RM/6/RMDEBUG: Ver# 2, Type: 1, Length: 48.
*Nov 11 04:53:01:415 2020 ROUTE RM/6/RMDEBUG: Router: XXX.XXX.112.28, Area: 0.0.0.0, Checksum: 26059.
*Nov 11 04:53:01:415 2020 ROUTE RM/6/RMDEBUG: AuType: 00, Key(ascii): 0 0 0 0 0 0 0 0.
*Nov 11 04:53:01:415 2020 ROUTE RM/6/RMDEBUG: Net Mask: 255.255.255.252, Hello Int: 10, Option: _E_.
*Nov 11 04:53:01:415 2020 ROUTE RM/6/RMDEBUG: Rtr Priority: 1, Dead Int: 40, DR: 0.0.0.0, BDR: 0.0.0.0.
*Nov 11 04:53:01:415 2020 ROUTE RM/6/RMDEBUG: Attached Neighbor: XXX.XXX.112.27.
The debug output shows packets being sent and received normally, while the log reports an authentication failure:
#Nov 11 04:53:00:927 2020 ROUTE OSPF/3/IF_AUTH_FAIL: OSPF TrapID1.3.6.1.2.1.14.16.2.6<ospfIfAuthFailure>: Non-virtual interface XXX.XXX.115.130 index 0 Router XXX.XXX.112.27 PacekSrc XXX.XXX.115.129 authentication fail 5 PacketType 1 .
Check the device's OSPF error statistics:
display ospf error
OSPF Process 1 with Router ID XXX.XXX.112.27
OSPF Packet Error Statistics
0 : OSPF Router ID confusion 0 : OSPF bad packet
0 : OSPF bad version 0 : OSPF bad checksum
0 : OSPF bad area ID 0 : OSPF drop on unnumbered interface
0 : OSPF bad virtual link 351 : OSPF bad authentication type
0 : OSPF bad authentication key 0 : OSPF packet too small
0 : OSPF Neighbor state low 0 : OSPF transmit error
0 : OSPF interface down 0 : OSPF unknown neighbor
0 : HELLO: Netmask mismatch 0 : HELLO: Hello timer mismatch
0 : HELLO: Dead timer mismatch 0 : HELLO: Extern option mismatch
0 : HELLO: Neighbor unknown 0 : DD: MTU option mismatch
0 : DD: Unknown LSA type 0 : DD: Extern option mismatch
0 : LS ACK: Bad ack 0 : LS ACK: Unknown LSA type
0 : LS REQ: Empty request 0 : LS REQ: Bad request
0 : LS UPD: LSA checksum bad 2 : LS UPD: Received less recent LSA
0 : LS UPD: Unknown LSA type
display ospf error
OSPF Process 1 with Router ID XXX.XXX.112.27
OSPF Packet Error Statistics
0 : OSPF Router ID confusion 0 : OSPF bad packet
0 : OSPF bad version 0 : OSPF bad checksum
0 : OSPF bad area ID 0 : OSPF drop on unnumbered interface
0 : OSPF bad virtual link 371 : OSPF bad authentication type
0 : OSPF bad authentication key 0 : OSPF packet too small
0 : OSPF Neighbor state low 0 : OSPF transmit error
0 : OSPF interface down 0 : OSPF unknown neighbor
0 : HELLO: Netmask mismatch 0 : HELLO: Hello timer mismatch
0 : HELLO: Dead timer mismatch 0 : HELLO: Extern option mismatch
0 : HELLO: Neighbor unknown 0 : DD: MTU option mismatch
0 : DD: Unknown LSA type 0 : DD: Extern option mismatch
0 : LS ACK: Bad ack 0 : LS ACK: Unknown LSA type
0 : LS REQ: Empty request 0 : LS REQ: Bad request
0 : LS UPD: LSA checksum bad 2 : LS UPD: Received less recent LSA
The "OSPF bad authentication type" counter (authentication type error) keeps increasing.
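An added example (not part of the original case): a Python helper that decodes the IF_AUTH_FAIL trap line and diffs two display ospf error snapshots to show which counter is moving. It assumes the number after "authentication fail" is the trap's ospfConfigErrorType from the standard OSPF trap MIB (RFC 4750); the function names are hypothetical and the sample lines are copied from the output above.

```python
import re

# ospfConfigErrorType / ospfPacketType values from the standard OSPF trap MIB (RFC 4750).
CONFIG_ERROR_TYPE = {1: "badVersion", 2: "areaMismatch", 3: "unknownNbmaNbr",
                     4: "unknownVirtualNbr", 5: "authTypeMismatch", 6: "authFailure",
                     7: "netMaskMismatch", 8: "helloIntervalMismatch",
                     9: "deadIntervalMismatch", 10: "optionMismatch",
                     11: "mtuMismatch", 12: "duplicateRouterId", 13: "noError"}
PACKET_TYPE = {1: "hello", 2: "dbDescript", 3: "lsReq", 4: "lsUpdate", 5: "lsAck"}

TRAP_RE = re.compile(r"IF_AUTH_FAIL:.*?authentication fail (\d+) PacketType (\d+)")
# One "<count> : <label>" cell; the output prints two cells per line.
COUNTER_RE = re.compile(r"(\d+)\s*:\s*(.+?)(?=\s+\d+\s*:\s|$)")

def decode_trap(line):
    """Return (error type, packet type) names, or None if not an IF_AUTH_FAIL line.
    Assumption: the number after 'authentication fail' is ospfConfigErrorType."""
    m = TRAP_RE.search(line)
    if not m:
        return None
    return (CONFIG_ERROR_TYPE.get(int(m.group(1)), "unknown"),
            PACKET_TYPE.get(int(m.group(2)), "unknown"))

def parse_counters(text):
    """Map each counter label in 'display ospf error' output to its value."""
    counters = {}
    for line in text.splitlines():
        for count, label in COUNTER_RE.findall(line.strip()):
            counters[label.strip()] = int(count)
    return counters

def growing(before, after):
    """Counters whose value increased between two snapshots, with the delta."""
    a, b = parse_counters(before), parse_counters(after)
    return {k: b[k] - a[k] for k in b if k in a and b[k] > a[k]}

# Sample input: lines copied from the case's own log and display output.
TRAP = ("#Nov 11 04:53:00:927 2020 ROUTE OSPF/3/IF_AUTH_FAIL: OSPF TrapID"
        "1.3.6.1.2.1.14.16.2.6<ospfIfAuthFailure>: Non-virtual interface "
        "XXX.XXX.115.130 index 0 Router XXX.XXX.112.27 PacekSrc XXX.XXX.115.129 "
        "authentication fail 5 PacketType 1 .")
BEFORE = """0 : OSPF bad virtual link 351 : OSPF bad authentication type
0 : OSPF bad authentication key 0 : OSPF packet too small
0 : LS UPD: LSA checksum bad 2 : LS UPD: Received less recent LSA"""
AFTER = BEFORE.replace("351", "371")

if __name__ == "__main__":
    print(decode_trap(TRAP))        # error type and packet type names
    print(growing(BEFORE, AFTER))   # only the counter that moved
```

A type mismatch (5) rather than a key failure (6) points at the authentication mode in effect on each side, not at the key value.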
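Repeated checks confirmed that both interfaces use the same authentication mode, MD5, and the key was reconfigured on both ends to make sure it matches, yet the OSPF neighbor still could not be established and the authentication type error was still reported.
It was later confirmed that a V7 device only needs the OSPF authentication algorithm enabled on the interface to authenticate neighbors.
A V5 device needs not only MD5 authentication on the interface, but also authentication enabled in the area.
Add the authentication-mode configuration command.
Interfaces on the same network segment must use the same authentication parameters, and the authentication-mode command must be used to set the area authentication mode for the configuration to take effect.
An authentication password set in either plaintext or ciphertext form is saved in the configuration file as ciphertext.
If neither cipher nor plain is specified, the default is cipher for the MD5/HMAC-MD5 authentication modes and plain for the simple authentication mode.
For related configuration, see the authentication-mode command.
[Example]
# Configure area 1, which contains the interface's network segment XXX.XXX.0.0/16, to support MD5 plaintext authentication mode, with authentication key ID 15 and authentication password abc.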
<Sysname> system-view
[Sysname] ospf 100
[Sysname-ospf-100] area 1
[Sysname-ospf-100-area-0.0.0.1] network XXX.XXX.0.0 0.0.255.255
[Sysname-ospf-100-area-0.0.0.1] authentication-mode md5
[Sysname-ospf-100-area-0.0.0.1] quit
[Sysname-ospf-100] quit
[Sysname] interface gigabitethernet 0/1
[Sysname-GigabitEthernet0/1] ospf authentication-mode md5 15 plain abc
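An added example, not part of the original case or of the vendor's documentation: a Python check for the misconfiguration this case describes on a V5 device, where interfaces carry ospf authentication-mode but an area that advertises networks has no matching authentication-mode. It assumes configuration text with the usual indentation of display current-configuration; the function name, sample addresses (documentation ranges) and key placeholder are constructed.

```python
import re

def audit_v5_area_auth(config):
    """Return {area_id: area_mode} for OSPF areas that advertise networks but do
    not enable an authentication mode used on the device's interfaces."""
    if_modes, areas = set(), {}
    ctx = area = None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):           # interface view (unindented)
            ctx, area = "if", None
        elif re.match(r"ospf \d+", raw):           # OSPF process view (unindented)
            ctx, area = "ospf", None
        elif line == "#":                          # section separator
            ctx = area = None
        elif ctx == "if":
            m = re.match(r"ospf authentication-mode (\S+)", line)
            if m:
                if_modes.add(m.group(1))
        elif ctx == "ospf":
            if line.startswith("area "):
                area = line.split()[1]
                areas.setdefault(area, {"mode": None, "networks": 0})
            elif area and line.startswith("network "):
                areas[area]["networks"] += 1
            elif area and (m := re.match(r"authentication-mode (\S+)", line)):
                areas[area]["mode"] = m.group(1)
    return {a: v["mode"] for a, v in areas.items()
            if if_modes and v["networks"] and v["mode"] not in if_modes}

# Constructed sample modelled on the case's configuration; addresses are
# documentation ranges and the key is a placeholder.
BROKEN = """\
interface Ten-GigabitEthernet0/24.1
 ip address 192.0.2.1 255.255.255.252
 ospf authentication-mode md5 1 cipher <KEY-PLACEHOLDER>
#
ospf 1 router-id 192.0.2.255
 silent-interface LoopBack0
 area 0.0.0.0
  network 192.0.2.0 0.0.0.3
 area 0.0.0.1
"""
FIXED = BROKEN.replace(" area 0.0.0.0\n", " area 0.0.0.0\n  authentication-mode md5\n")

if __name__ == "__main__":
    print(audit_v5_area_auth(BROKEN))   # area 0.0.0.0 has no area-level mode
    print(audit_v5_area_auth(FIXED))    # nothing to report
```

Area 0.0.0.1 is not reported because it advertises no networks, so no interface on this device depends on it.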