Refer to the exhibit.
Which configuration must the engineer apply on CSR103 to resolve the problem?
Exam 300-410 All QuestionsBrowse all questions from this exam
Question 465
Correct Answer: C
The OSPF configuration issue is related to MD5 authentication as indicated in the output. The exhibit shows that the interface is configured for cryptographic authentication, and the options involving MD5 (C and D) align with this. However, the correct configuration involves setting the MD5 key directly on the interface and enabling message-digest for OSPF. Thus, option C is correct because it correctly configures the MD5 authentication for OSPF on the interface by specifying the key and enabling message-digest authentication.
Discussion
HungarianDishOption: C
The question is about ospf md5 authentication. Based on the output md5 authentication has been enabled under the interface and not under the ospf process. That's why it shows "Cryptographic authentication enabled" under "show ip ospf int gig 2". This information is not displayed under the interface if authentication is enabled under the ospf process. (I labbed it.) In this case, "C" is correct (and not "D", which enables it under the process.)
HungarianDish
Example: https://networklessons.com/ospf/how-to-configure-ospf-md5-authentication interface GigabitEthernet 2 ip address 172.16.1.42 255.255.255.252 ip ospf 1 area 1 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 cisco
HungarianDish
"A" and "B" are completly wrong. The key chain configuration shown in the output is for eigrp, and the key chain was named as "ospf" to make the question tricky. https://community.cisco.com/t5/switching/key-chain-md5-authentication-in-ospf/td-p/1327717 "OSPF is not using key chain, it is using authentication key you configured in the OSPF process or interface level."
buddhagaut
why not? key chains can be configured for OSPF too... https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/xe-16-10/iro-xe-16-10-book/iro-ospfv2-crypto-authen-xe.html https://networklessons.com/cisco/ccie-routing-switching-written/ospf-hmac-sha-extended-authentication Also, with md5 auth, interface looks like this: Message digest authentication enabled Youngest key id is 1 with cryptographic auth, looks like: Cryptographic authentication enabled Sending SA: Key 25, Algorithm HMAC-SHA-256 – key chain sample1 ------ This example had sha-256 and in the output of our question 256 is not mentioned, hence they configured sha1, option B is correct
Pietjeplukgeluk
Maybe it is me, but this question does seem of bad quality. Even C would create a "key-chain" but this seems configuration that is incorrect. I will skip this question as the question itself misses the point.
saiyuki1209Option: C
md5 authentication -------------------------- Message digest authentication enabled Youngest key id is 1 -------------------------- https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13697-25.html
sal077Option: B
Not C or D because it's MD5, not Cryptograhpic as output states Not A because the output should show SHA-256 So B it's correct. It's IOS XE because is a CSR router: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/xe-16-10/iro-xe-16-10-book/iro-ospfv2-crypto-authen-xe.html
buddhagaut
agree with the explanation, with sha-256 output looks like: Cryptographic authentication enabled Sending SA: Key 25, Algorithm HMAC-SHA-256 – key chain sample1
bb90403Option: B
C & D are wrong - we already have configured the router with md5 authentication and neighborship lost, no point to re-configure md5. From the answers probably we need to switch back to sha. A -> Wrong, when i tried to configure the same string i received "Invalid encrypted keystring" B -> Correct , encrypted string "02050D480809" is decrypted string "cisco"
mouin
Both C and D work, and the message "Youngest key id is 1" has nothing to do with the key chain. I tried both (C&D) without configuring key chain and with key chain and they worked fine
inteldarvidOption: C
yes, option C