ospf md5 authentication with multiple keys
been mucking with this one for an hour - I couldn't figure out how to keep the Key 2 from sending to the R1/2 and basically not setting up ospf
the suggestion is to put all keys on all 5 routers and then remove key two or one from the two that don't need it - the youngest keys should keep going
that worked - UNTIL I cleared the ospf process on Router 5 - then tu0 wouldn't come back up on R1/2
I came up with a workaround hack - (but it fills my console with expried key messages) - I use a key-chain authentication with md5 crypto algorithm so as to meet the requirements - on R5 I set send and accept lifetimes to full - and on R1/R2 I have to set up both keys - but I set the send / accept lifetimes for key 2 to basically, two seconds in 1999 and the key 1 accept and send are infinite
any attempt to remove both keys from R1 or R2 and a proc reset has them trying to install key 2 and failing - this was the only way I could survive an ospf process reset -
anyone else think the task as it stands doesn't exactly provide reliability?